├── AUTHORS ├── COPYING ├── COPYING.GPL ├── COPYING.LGPL ├── ChangeLog ├── KNOWN-BUGS ├── Makefile.am ├── NEWS ├── README ├── TODO ├── VERSION.in ├── apol ├── Makefile.am ├── analysis_tab.tcl ├── apol.gif ├── apol.png ├── apol.xcf ├── apol_help.txt ├── apol_tcl.cc ├── apol_tcl.i ├── bounds_tab.tcl ├── classes_perms_tab.tcl ├── common_widgets.tcl ├── cond_bools_tab.tcl ├── cond_rules_tab.tcl ├── constraints_tab.tcl ├── context_dialog.tcl ├── context_selector.tcl ├── default_objects_tab.tcl ├── directflow_module.tcl ├── domaintrans_help.txt ├── domaintrans_module.tcl ├── file_contexts_tab.tcl ├── file_relabel_help.txt ├── find.tcl ├── foo_module.tcl ├── fscontexts_tab.tcl ├── goto.tcl ├── head.tcl ├── infoflow_help.txt ├── initial_sids_tab.tcl ├── level_dialog.tcl ├── mls_tab.tcl ├── namespaces_tab.tcl ├── netcontexts_tab.tcl ├── open_policy_dialog.tcl ├── perm_maps │ ├── apol_perm_mapping_ver12 │ ├── apol_perm_mapping_ver15 │ ├── apol_perm_mapping_ver16 │ ├── apol_perm_mapping_ver17 │ ├── apol_perm_mapping_ver18 │ ├── apol_perm_mapping_ver19 │ ├── apol_perm_mapping_ver20 │ ├── apol_perm_mapping_ver21 │ ├── apol_perm_mapping_ver22 │ ├── apol_perm_mapping_ver23 │ └── apol_perm_mapping_ver24 ├── perms_map.tcl ├── polcap_tab.tcl ├── policyconf.tcl ├── progress_dialog.tcl ├── range_dialog.tcl ├── range_selector.tcl ├── range_trans.tcl ├── rbac_tab.tcl ├── relabel_module.tcl ├── roles_tab.tcl ├── terules_tab.tcl ├── top.tcl ├── transflow_module.tcl ├── types_relation_help.txt ├── types_relation_module.tcl ├── types_tab.tcl ├── users_tab.tcl └── util.tcl ├── configure.ac ├── debian ├── Makefile.am ├── changelog ├── compat ├── control ├── copyright ├── docs ├── libsetools-dev.install ├── libsetools-java.install ├── libsetools-jni.install ├── libsetools-jni.postinst ├── libsetools-jni.postrm ├── libsetools-python.install ├── libsetools-python.postinst ├── libsetools-tcl.install ├── libsetools.install ├── libsetools.postinst ├── libsetools.postrm ├── rules ├── 
setools-console.install ├── setools.install ├── setools.menu ├── setools.postinst ├── setools.postrm └── watch ├── libapol ├── Makefile.am ├── include │ ├── Makefile.am │ └── apol │ │ ├── Makefile.am │ │ ├── avrule-query.h │ │ ├── bool-query.h │ │ ├── bounds-query.h │ │ ├── bst.h │ │ ├── class-perm-query.h │ │ ├── condrule-query.h │ │ ├── constraint-query.h │ │ ├── context-query.h │ │ ├── default-object-query.h │ │ ├── domain-trans-analysis.h │ │ ├── fscon-query.h │ │ ├── ftrule-query.h │ │ ├── infoflow-analysis.h │ │ ├── isid-query.h │ │ ├── mls-query.h │ │ ├── mls_level.h │ │ ├── mls_range.h │ │ ├── netcon-query.h │ │ ├── perm-map.h │ │ ├── permissive-query.h │ │ ├── polcap-query.h │ │ ├── policy-path.h │ │ ├── policy-query.h │ │ ├── policy.h │ │ ├── range_trans-query.h │ │ ├── rbacrule-query.h │ │ ├── relabel-analysis.h │ │ ├── render.h │ │ ├── role-query.h │ │ ├── terule-query.h │ │ ├── type-query.h │ │ ├── types-relation-analysis.h │ │ ├── user-query.h │ │ ├── util.h │ │ └── vector.h ├── src │ ├── Makefile.am │ ├── avrule-query.c │ ├── bool-query.c │ ├── bounds-query.c │ ├── bst.c │ ├── class-perm-query.c │ ├── condrule-query.c │ ├── constraint-query.c │ ├── context-query.c │ ├── default-object-query.c │ ├── domain-trans-analysis-internal.h │ ├── domain-trans-analysis.c │ ├── fscon-query.c │ ├── ftrule-query.c │ ├── infoflow-analysis-internal.h │ ├── infoflow-analysis.c │ ├── isid-query.c │ ├── libapol.map │ ├── mls-query.c │ ├── mls_level.c │ ├── mls_range.c │ ├── netcon-query.c │ ├── perm-map.c │ ├── permissive-query.c │ ├── polcap-query.c │ ├── policy-path.c │ ├── policy-query-internal.h │ ├── policy-query.c │ ├── policy.c │ ├── queue.c │ ├── queue.h │ ├── range_trans-query.c │ ├── rbacrule-query.c │ ├── relabel-analysis.c │ ├── render.c │ ├── role-query.c │ ├── terule-query.c │ ├── type-query.c │ ├── types-relation-analysis.c │ ├── user-query.c │ ├── util.c │ ├── vector-internal.h │ └── vector.c ├── swig │ ├── Makefile.am │ ├── apol.i │ ├── java │ │ ├── 
MANIFEST.MF.in │ │ └── Makefile.am │ ├── python │ │ └── Makefile.am │ └── tcl │ │ └── Makefile.am └── tests │ ├── Makefile.am │ ├── avrule-tests.c │ ├── avrule-tests.h │ ├── constrain-tests.c │ ├── constrain-tests.h │ ├── dta-tests.c │ ├── dta-tests.h │ ├── infoflow-tests.c │ ├── infoflow-tests.h │ ├── libapol-tests.c │ ├── policy-21-tests.c │ ├── policy-21-tests.h │ ├── role-tests.c │ ├── role-tests.h │ ├── terule-tests.c │ ├── terule-tests.h │ ├── user-tests.c │ └── user-tests.h ├── libpoldiff ├── Makefile.am ├── include │ ├── Makefile.am │ └── poldiff │ │ ├── Makefile.am │ │ ├── attrib_diff.h │ │ ├── avrule_diff.h │ │ ├── bool_diff.h │ │ ├── cat_diff.h │ │ ├── class_diff.h │ │ ├── component_record.h │ │ ├── level_diff.h │ │ ├── poldiff.h │ │ ├── range_diff.h │ │ ├── range_trans_diff.h │ │ ├── rbac_diff.h │ │ ├── role_diff.h │ │ ├── terule_diff.h │ │ ├── type_diff.h │ │ ├── type_map.h │ │ ├── user_diff.h │ │ └── util.h ├── src │ ├── Makefile.am │ ├── attrib_diff.c │ ├── attrib_internal.h │ ├── avrule_diff.c │ ├── avrule_internal.h │ ├── bool_diff.c │ ├── bool_internal.h │ ├── cat_diff.c │ ├── cat_internal.h │ ├── class_diff.c │ ├── class_internal.h │ ├── level_diff.c │ ├── level_internal.h │ ├── libpoldiff.map │ ├── poldiff.c │ ├── poldiff_internal.h │ ├── range_diff.c │ ├── range_internal.h │ ├── range_trans_diff.c │ ├── range_trans_internal.h │ ├── rbac_diff.c │ ├── rbac_internal.h │ ├── role_diff.c │ ├── role_internal.h │ ├── terule_diff.c │ ├── terule_internal.h │ ├── type_diff.c │ ├── type_internal.h │ ├── type_map.c │ ├── type_map_internal.h │ ├── user_diff.c │ ├── user_internal.h │ ├── util.c │ └── writing-diffs-HOWTO ├── swig │ ├── Makefile.am │ ├── java │ │ ├── MANIFEST.MF.in │ │ └── Makefile.am │ ├── poldiff.i │ ├── python │ │ └── Makefile.am │ └── tcl │ │ └── Makefile.am └── tests │ ├── Makefile.am │ ├── components-tests.c │ ├── components-tests.h │ ├── libpoldiff-tests.c │ ├── libpoldiff-tests.h │ ├── mls-tests.c │ ├── mls-tests.h │ ├── nomls-tests.c 
│ ├── nomls-tests.h │ ├── policy-defs.h │ ├── rules-tests.c │ └── rules-tests.h ├── libqpol ├── Makefile.am ├── include │ ├── Makefile.am │ └── qpol │ │ ├── Makefile.am │ │ ├── avrule_query.h │ │ ├── bool_query.h │ │ ├── bounds_query.h │ │ ├── class_perm_query.h │ │ ├── cond_query.h │ │ ├── constraint_query.h │ │ ├── context_query.h │ │ ├── default_object_query.h │ │ ├── fs_use_query.h │ │ ├── ftrule_query.h │ │ ├── genfscon_query.h │ │ ├── isid_query.h │ │ ├── iterator.h │ │ ├── mls_query.h │ │ ├── mlsrule_query.h │ │ ├── module.h │ │ ├── netifcon_query.h │ │ ├── nodecon_query.h │ │ ├── permissive_query.h │ │ ├── polcap_query.h │ │ ├── policy.h │ │ ├── policy_extend.h │ │ ├── portcon_query.h │ │ ├── rbacrule_query.h │ │ ├── role_query.h │ │ ├── syn_rule_query.h │ │ ├── terule_query.h │ │ ├── type_query.h │ │ ├── user_query.h │ │ └── util.h ├── src │ ├── Makefile.am │ ├── avrule_query.c │ ├── bool_query.c │ ├── bounds_query.c │ ├── class_perm_query.c │ ├── cond_query.c │ ├── constraint_query.c │ ├── context_query.c │ ├── default_object_query.c │ ├── expand.c │ ├── expand.h │ ├── fs_use_query.c │ ├── ftrule_query.c │ ├── genfscon_query.c │ ├── isid_query.c │ ├── iterator.c │ ├── iterator_internal.h │ ├── libqpol.map │ ├── mls_query.c │ ├── mlsrule_query.c │ ├── module.c │ ├── module_compiler.c │ ├── module_compiler.h │ ├── netifcon_query.c │ ├── nodecon_query.c │ ├── permissive_query.c │ ├── polcap_query.c │ ├── policy.c │ ├── policy_define.c │ ├── policy_define.h │ ├── policy_extend.c │ ├── policy_parse.y │ ├── policy_scan.l │ ├── portcon_query.c │ ├── qpol_internal.h │ ├── queue.c │ ├── queue.h │ ├── rbacrule_query.c │ ├── role_query.c │ ├── syn_rule_internal.h │ ├── syn_rule_query.c │ ├── terule_query.c │ ├── type_query.c │ ├── user_query.c │ └── util.c ├── swig │ ├── Makefile.am │ ├── java │ │ ├── MANIFEST.MF.in │ │ └── Makefile.am │ ├── python │ │ ├── Makefile.am │ │ └── __init__.py │ ├── qpol.i │ └── tcl │ │ └── Makefile.am └── tests │ ├── Makefile.am │ ├── 
capabilities-tests.c │ ├── capabilities-tests.h │ ├── iterators-tests.c │ ├── iterators-tests.h │ ├── libqpol-tests.c │ ├── policy-features-tests.c │ └── policy-features-tests.h ├── libseaudit ├── Makefile.am ├── include │ ├── Makefile.am │ └── seaudit │ │ ├── Makefile.am │ │ ├── avc_message.h │ │ ├── bool_message.h │ │ ├── filter.h │ │ ├── load_message.h │ │ ├── log.h │ │ ├── message.h │ │ ├── model.h │ │ ├── parse.h │ │ ├── report.h │ │ ├── sort.h │ │ └── util.h ├── src │ ├── Makefile.am │ ├── avc_message.c │ ├── bool_message.c │ ├── filter-internal.c │ ├── filter-internal.h │ ├── filter.c │ ├── libseaudit.map │ ├── load_message.c │ ├── log.c │ ├── message.c │ ├── model.c │ ├── parse.c │ ├── report.c │ ├── seaudit_internal.h │ ├── sort.c │ └── util.c ├── swig │ ├── Makefile.am │ ├── java │ │ ├── MANIFEST.MF.in │ │ └── Makefile.am │ ├── python │ │ └── Makefile.am │ ├── seaudit.i │ └── tcl │ │ └── Makefile.am └── tests │ ├── Makefile.am │ ├── filters.c │ ├── filters.h │ ├── libseaudit-tests.c │ ├── parse_file.c │ └── parse_file.h ├── libsefs ├── Makefile.am ├── include │ ├── Makefile.am │ └── sefs │ │ ├── Makefile.am │ │ ├── db.hh │ │ ├── entry.hh │ │ ├── fcfile.hh │ │ ├── fclist.hh │ │ ├── filesystem.hh │ │ ├── query.hh │ │ └── util.h ├── src │ ├── Makefile.am │ ├── db.cc │ ├── entry.cc │ ├── fcfile.cc │ ├── fclist.cc │ ├── filesystem.cc │ ├── libsefs.map │ ├── new_ftw.c │ ├── new_ftw.h │ ├── query.cc │ ├── sefs_internal.hh │ └── util.c ├── swig │ ├── Makefile.am │ ├── java │ │ ├── MANIFEST.MF.in │ │ └── Makefile.am │ ├── python │ │ └── Makefile.am │ ├── sefs.i │ └── tcl │ │ └── Makefile.am └── tests │ ├── Makefile.am │ ├── attic │ ├── fuse_non_mls.c │ └── launch-libsefs-tests.sh │ ├── fcfile-tests.cc │ ├── fcfile-tests.hh │ ├── file_contexts.broken │ ├── file_contexts.confed │ ├── file_contexts.union │ └── libsefs-tests.cc ├── m4 ├── ac_check_classpath.m4 ├── ac_java_options.m4 ├── ac_pkg_swig.m4 ├── ac_prog_jar.m4 ├── ac_prog_java.m4 ├── ac_prog_java_works.m4 
├── ac_prog_javac.m4 ├── ac_prog_javac_works.m4 ├── ac_python_devel.m4 ├── c.m4 ├── swig_python.m4 └── tcl.m4 ├── man ├── Makefile.am ├── apol.1 ├── findcon.1 ├── indexcon.1 ├── replcon.1 ├── seaudit-report.8.in ├── seaudit.8 ├── sechecker.1 ├── sediff.1 ├── sediffx.1 ├── seinfo.1 └── sesearch.1 ├── packages ├── BWidget-1.8.0.tar.bz2 ├── Doxyfile ├── Makefile.am ├── combobox.tcl ├── libapol.pc.in ├── libpoldiff.pc.in ├── libqpol.pc.in ├── libseaudit.pc.in ├── libsefs.pc.in ├── mainframe.tcl ├── notebook.tcl └── rpm │ ├── Makefile.am │ ├── apol.desktop.in │ ├── fc9-compile.patch │ ├── seaudit.console.in │ ├── seaudit.desktop.in │ ├── seaudit.pam │ ├── sediffx.desktop.in │ └── setools.spec ├── python ├── Makefile.am └── setools │ ├── Makefile.am │ ├── __init__.py │ ├── seinfo.c │ ├── sesearch.c │ └── setup.py ├── seaudit ├── Makefile.am ├── dot_seaudit.in ├── filter_view.c ├── filter_view.h ├── message_view.c ├── message_view.h ├── modify_view.c ├── modify_view.h ├── open_policy_window.c ├── open_policy_window.h ├── policy_components_view.c ├── policy_components_view.h ├── policy_view.c ├── policy_view.h ├── preferences.c ├── preferences.h ├── preferences_view.c ├── preferences_view.h ├── progress.c ├── progress.h ├── report_window.c ├── report_window.h ├── seaudit-report-group.conf ├── seaudit-report-service.conf ├── seaudit-report-service.in ├── seaudit-report.c ├── seaudit-report.conf ├── seaudit-report.css ├── seaudit-small.png ├── seaudit.c ├── seaudit.glade ├── seaudit.gladep ├── seaudit.h ├── seaudit.png ├── seaudit.xcf ├── seaudit_help.txt ├── toplevel.c ├── toplevel.h ├── utilgui.c └── utilgui.h ├── sechecker ├── Makefile.am ├── modules │ ├── attribs_wo_rules.c │ ├── attribs_wo_rules.h │ ├── attribs_wo_types.c │ ├── attribs_wo_types.h │ ├── domain_and_file.c │ ├── domain_and_file.h │ ├── domains_wo_roles.c │ ├── domains_wo_roles.h │ ├── find_assoc_types.c │ ├── find_assoc_types.h │ ├── find_domains.c │ ├── find_domains.h │ ├── find_file_types.c │ ├── 
find_file_types.h │ ├── find_net_domains.c │ ├── find_net_domains.h │ ├── find_netif_types.c │ ├── find_netif_types.h │ ├── find_node_types.c │ ├── find_node_types.h │ ├── find_port_types.c │ ├── find_port_types.h │ ├── imp_range_trans.c │ ├── imp_range_trans.h │ ├── inc_dom_trans.c │ ├── inc_dom_trans.h │ ├── inc_mount.c │ ├── inc_mount.h │ ├── inc_net_access.c │ ├── inc_net_access.h │ ├── roles_wo_allow.c │ ├── roles_wo_allow.h │ ├── roles_wo_types.c │ ├── roles_wo_types.h │ ├── roles_wo_users.c │ ├── roles_wo_users.h │ ├── spurious_audit.c │ ├── spurious_audit.h │ ├── template │ │ ├── profiles.readme │ │ ├── template.howto │ │ ├── xx.c │ │ └── xx.h │ ├── types_wo_allow.c │ ├── types_wo_allow.h │ ├── unreachable_doms.c │ ├── unreachable_doms.h │ ├── users_wo_roles.c │ └── users_wo_roles.h ├── profiles │ ├── all-checks-no-mls.sechecker │ ├── all-checks.sechecker │ ├── analysis-checks.sechecker │ ├── devel-checks.sechecker │ └── sechecker.dtd ├── register_list.c ├── register_list.h ├── sechecker.c ├── sechecker.h ├── sechecker_cli.c ├── sechecker_help.txt ├── sechk_parse.c └── sechk_parse.h ├── secmds ├── Makefile.am ├── findcon.cc ├── indexcon.cc ├── replcon.cc ├── seinfo.c └── sesearch.c └── sediff ├── Makefile.am ├── find_dialog.c ├── find_dialog.h ├── open_policies_dialog.c ├── open_policies_dialog.h ├── policy_view.c ├── policy_view.h ├── progress.c ├── progress.h ├── remap_types_dialog.c ├── remap_types_dialog.h ├── result_item.c ├── result_item.h ├── result_item_render.c ├── result_item_render.h ├── results.c ├── results.h ├── sediff.c ├── sediff_help.txt ├── sediffx-small.png ├── sediffx-small.xcf ├── sediffx.c ├── sediffx.glade ├── sediffx.h ├── sediffx.png ├── sediffx.xcf ├── select_diff_dialog.c ├── select_diff_dialog.h ├── toplevel.c ├── toplevel.h ├── utilgui.c └── utilgui.h /AUTHORS: -------------------------------------------------------------------------------- 1 | SETools - Policy analysis tools for SELinux (C) 2001-2010 2 | Tresys Technology 3 | 
setools@tresys.com, http://oss.tresys.com/projects/setools 4 | 5 | Contributors: 6 | 7 | Alex Alberg 8 | James Athey 9 | Jeff Bankert 10 | Kevin Carr 11 | Alessandro Ferrucci 12 | Mark Goldman 13 | Ryan Jordan 14 | Karl MacMillan 15 | Frank Mayer 16 | Jeremy A. Mowery 17 | John Oliver 18 | Anand Patel 19 | Don Patterson 20 | Chris PeBenito 21 | Paul Rosenfeld 22 | Spencer Shimko 23 | Jeremy Solt 24 | David Sugar 25 | Jason Tang 26 | Karen Vance 27 | Brandon Whalen 28 | Meggan Whalen 29 | Randy Wicks 30 | David Windsor 31 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | The SETools package contains files under two licences - 2 | the GNU General Public License and the GNU Lesser General Public License. 3 | See COPYING.GPL and COPYING.LGPL respectively for the full text of 4 | these licences. All files distributed with this package indicate the 5 | appropriate license to use with that file. 6 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | SETools TODO List 2 | ======================= 3 | The following items are desirable features to be considered for future 4 | versions. 
5 | 6 | Recent policies list - similar to that in seaudit - sediffx 7 | 8 | Improved type feedback - convert results to Tk table and permit 9 | right-click to pull up type info dialog - apol 10 | 11 | Module source loading - load .te and .if sources for modules - all 12 | tools 13 | 14 | Global semantic/syntactic option - allow semantic and syntactic search 15 | globally - apol 16 | 17 | Report generation - similar to saved queries export query results - 18 | apol 19 | 20 | Role dominance queries - query for role dominance relationships - apol 21 | & seinfo(display only) 22 | 23 | Constraint analysis - features to search and analyze constraints - 24 | apol 25 | 26 | Result filtering/sorting - allow rule diffs to be sorted or filtered 27 | by various fields - sediffx 28 | 29 | Duplicate TE warning - can we remove it - parser 30 | -------------------------------------------------------------------------------- /VERSION.in: -------------------------------------------------------------------------------- 1 | @VERSION@ 2 | -------------------------------------------------------------------------------- /apol/apol.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OwlCyberDefense/setools3/f1e5b208d507171968ca4d2eeefd7980f1004a3c/apol/apol.gif -------------------------------------------------------------------------------- /apol/apol.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OwlCyberDefense/setools3/f1e5b208d507171968ca4d2eeefd7980f1004a3c/apol/apol.png -------------------------------------------------------------------------------- /apol/apol.xcf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OwlCyberDefense/setools3/f1e5b208d507171968ca4d2eeefd7980f1004a3c/apol/apol.xcf -------------------------------------------------------------------------------- 
/apol/head.tcl: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # \ 3 | exec tclsh "$0" ${1+"$@"} 4 | 5 | ############################################################## 6 | # 7 | # apol: SELinux Policy Analysis Tools 8 | # 9 | # Copyright (C) 2002-2007 Tresys Technology, LLC 10 | # This program is free software; you can redistribute it and/or modify 11 | # it under the terms of the GNU General Public License as published by 12 | # the Free Software Foundation; either version 2 of the License, or 13 | # (at your option) any later version. 14 | # 15 | # This program is distributed in the hope that it will be useful, 16 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | # GNU General Public License for more details. 19 | # 20 | # You should have received a copy of the GNU General Public License 21 | # along with this program; if not, write to the Free Software 22 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 | # 24 | # Question/comments to: setools@tresys.com 25 | # 26 | # This tool is designed to analyze SELinux policies. See the 27 | # associated help file for more information. 28 | # 29 | ############################################################## 30 | -------------------------------------------------------------------------------- /apol/types_relation_help.txt: -------------------------------------------------------------------------------- 1 | An overview of types relationship summary analysis 2 | 3 | 4 | Understanding types relationship summary analysis 5 | ------------------------------------------------- 6 | The types relationship summary analysis in apol is a convenience 7 | mechanism to allow a user to quickly do several queries and analyses 8 | already present in apol to understand the relationship between two 9 | types. 
It is meant to quickly display the relationship between two 10 | types and therefore does not include all of the options present in the 11 | standard queries and analyses. The analyses are grouped into two 12 | categories: Basic and Analysis. 13 | 14 | 15 | Basic 16 | ----- 17 | The basic group includes several rule searches that can be performed 18 | using the Policy Rules tab. 19 | 20 | Common Attributes: the attributes common to both types. 21 | 22 | Common Roles: the roles to which both types are assigned. 23 | 24 | Common Users: the users allowed to associate with roles to which both 25 | types are assigned. 26 | 27 | Similar Access to Resources: object types to which both types have 28 | some access. 29 | 30 | Dissimilar Access to Resources: object types to which one type has 31 | some access but the other type has none. 32 | 33 | TE Allow Rules: rules that provide direct access between both types. 34 | 35 | Type Transition / Change Rules: type_* rules that allow transitions 36 | between both types. 37 | 38 | 39 | Analysis 40 | -------- 41 | The analysis group includes several other analyses that can be 42 | performed using the Analysis tab. 43 | 44 | Direct Flows Between A and B: direct information flow analysis between 45 | the two types. 46 | 47 | Transitive Flows A->B: transitive information flows from type A to B. 48 | 49 | Transitive Flows B->A: transitive information flows from type B to A. 50 | 51 | Domain Transitions A->B: domain transitions allowed from type A to B. 52 | 53 | Domain Transitions B->A: domain transitions allowed from type B to A. 
54 | -------------------------------------------------------------------------------- /debian/Makefile.am: -------------------------------------------------------------------------------- 1 | dist_noinst_DATA = \ 2 | changelog \ 3 | compat \ 4 | control \ 5 | copyright \ 6 | docs \ 7 | libsetools-dev.install \ 8 | libsetools.install \ 9 | libsetools-java.install \ 10 | libsetools-jni.install \ 11 | libsetools-jni.postinst \ 12 | libsetools-jni.postrm \ 13 | libsetools.postinst \ 14 | libsetools.postrm \ 15 | libsetools-python.install \ 16 | libsetools-python.postinst \ 17 | libsetools-tcl.install \ 18 | rules \ 19 | setools-console.install \ 20 | setools.install \ 21 | setools.menu \ 22 | setools.postinst \ 23 | setools.postrm \ 24 | watch 25 | -------------------------------------------------------------------------------- /debian/compat: -------------------------------------------------------------------------------- 1 | 5 2 | -------------------------------------------------------------------------------- /debian/copyright: -------------------------------------------------------------------------------- 1 | Upstream Author: Tresys Technology 2 | 3 | Copyright: 2001-2008, Tresys Technology, LLC 4 | 5 | 6 | The SETools package contains files under two licenses. Most files are 7 | copyright as: 8 | 9 | This program is free software; you can redistribute it and/or modify 10 | it under the terms of the GNU General Public License as published by 11 | the Free Software Foundation, or version 2 of the License. 12 | 13 | This program is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 
17 | 18 | You should have received a copy of the GNU General Public License with 19 | the Debian GNU/Linux distribution in file /usr/share/common-licenses/GPL-2; 20 | if not, write to the Free Software Foundation, Inc., 51 Franklin St, 21 | Fifth Floor, Boston, MA 02110-1301 USA 22 | 23 | On Debian systems, the complete text of the GNU General Public 24 | License, version 2, can be found in /usr/share/common-licenses/GPL-2. 25 | 26 | 27 | Libraries, their source files, and their header files, are copyright as: 28 | 29 | This library is free software; you can redistribute it and/or 30 | modify it under the terms of the GNU Lesser General Public 31 | License as published by the Free Software Foundation; either 32 | version 2.1 of the License, or (at your option) any later version. 33 | 34 | This library is distributed in the hope that it will be useful, 35 | but WITHOUT ANY WARRANTY; without even the implied warranty of 36 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 37 | Lesser General Public License for more details. 38 | 39 | You should have received a copy of the GNU Lesser General Public 40 | License along with this library; if not, write to the Free Software 41 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 42 | 43 | On Debian systems, the complete text of the GNU Lesser General Public 44 | License, can be found in /usr/share/common-licenses/LGPL-2.1. 45 | 46 | The Debian packaging is (C) 2008, Tresys Technology 47 | and is licensed under the GPL, see 48 | `/usr/share/common-licenses/GPL'. 
49 | -------------------------------------------------------------------------------- /debian/docs: -------------------------------------------------------------------------------- 1 | NEWS 2 | README 3 | TODO 4 | AUTHORS 5 | KNOWN-BUGS 6 | -------------------------------------------------------------------------------- /debian/libsetools-dev.install: -------------------------------------------------------------------------------- 1 | /usr/lib/*.so 2 | /usr/lib/pkgconfig/* 3 | /usr/include/apol/* 4 | /usr/include/poldiff/* 5 | /usr/include/qpol/* 6 | /usr/include/seaudit/* 7 | /usr/include/sefs/* 8 | -------------------------------------------------------------------------------- /debian/libsetools-java.install: -------------------------------------------------------------------------------- 1 | /usr/share/java/* 2 | /usr/share/setools-3.3/*jar 3 | -------------------------------------------------------------------------------- /debian/libsetools-jni.install: -------------------------------------------------------------------------------- 1 | /usr/lib/jni/* 2 | -------------------------------------------------------------------------------- /debian/libsetools-jni.postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postinst script for myq 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how this script can be called: 9 | # * `configure' 10 | # * `abort-upgrade' 11 | # * `abort-remove' `in-favour' 12 | # 13 | # * `abort-remove' 14 | # * `abort-deconfigure' `in-favour' 15 | # `removing' 16 | # 17 | # for details, see http://www.debian.org/doc/debian-policy/ or 18 | # the debian-policy package 19 | 20 | 21 | case "$1" in 22 | configure) 23 | ;; 24 | 25 | abort-upgrade|abort-remove|abort-deconfigure) 26 | ;; 27 | 28 | *) 29 | echo "postinst called with unknown argument \`$1'" >&2 30 | exit 1 31 | ;; 32 | esac 33 | 34 | # dh_installdeb will replace this with shell code automatically 35 | # 
generated by other debhelper scripts. 36 | 37 | #DEBHELPER# 38 | 39 | exit 0 40 | 41 | 42 | -------------------------------------------------------------------------------- /debian/libsetools-jni.postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postrm script for myq 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how this script can be called: 9 | # * `remove' 10 | # * `purge' 11 | # * `upgrade' 12 | # * `failed-upgrade' 13 | # * `abort-install' 14 | # * `abort-install' 15 | # * `abort-upgrade' 16 | # * `disappear' 17 | # 18 | # for details, see http://www.debian.org/doc/debian-policy/ or 19 | # the debian-policy package 20 | 21 | 22 | case "$1" in 23 | purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) 24 | ;; 25 | 26 | *) 27 | echo "postrm called with unknown argument \`$1'" >&2 28 | exit 1 29 | ;; 30 | esac 31 | 32 | # dh_installdeb will replace this with shell code automatically 33 | # generated by other debhelper scripts. 
34 | 35 | #DEBHELPER# 36 | 37 | exit 0 38 | 39 | 40 | -------------------------------------------------------------------------------- /debian/libsetools-python.install: -------------------------------------------------------------------------------- 1 | /usr/lib/python*/site-packages/setools/*so* 2 | /usr/lib/python*/site-packages/setools/*.py 3 | -------------------------------------------------------------------------------- /debian/libsetools-python.postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postinst script for myq 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how this script can be called: 9 | # * `configure' 10 | # * `abort-upgrade' 11 | # * `abort-remove' `in-favour' 12 | # 13 | # * `abort-remove' 14 | # * `abort-deconfigure' `in-favour' 15 | # `removing' 16 | # 17 | # for details, see http://www.debian.org/doc/debian-policy/ or 18 | # the debian-policy package 19 | 20 | 21 | case "$1" in 22 | configure) 23 | ;; 24 | 25 | abort-upgrade|abort-remove|abort-deconfigure) 26 | ;; 27 | 28 | *) 29 | echo "postinst called with unknown argument \`$1'" >&2 30 | exit 1 31 | ;; 32 | esac 33 | 34 | # dh_installdeb will replace this with shell code automatically 35 | # generated by other debhelper scripts. 
36 | 37 | #DEBHELPER# 38 | 39 | exit 0 40 | 41 | 42 | -------------------------------------------------------------------------------- /debian/libsetools-tcl.install: -------------------------------------------------------------------------------- 1 | /usr/lib/setools/apol/* 2 | /usr/lib/setools/poldiff/* 3 | /usr/lib/setools/qpol/* 4 | /usr/lib/setools/seaudit/* 5 | /usr/lib/setools/sefs/* 6 | -------------------------------------------------------------------------------- /debian/libsetools.install: -------------------------------------------------------------------------------- 1 | /usr/lib/libapol.so.* 2 | /usr/lib/libpoldiff.so.* 3 | /usr/lib/libqpol.so.* 4 | /usr/lib/libseaudit.so.* 5 | /usr/lib/libsefs.so.* 6 | -------------------------------------------------------------------------------- /debian/libsetools.postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postinst script for myq 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how this script can be called: 9 | # * `configure' 10 | # * `abort-upgrade' 11 | # * `abort-remove' `in-favour' 12 | # 13 | # * `abort-remove' 14 | # * `abort-deconfigure' `in-favour' 15 | # `removing' 16 | # 17 | # for details, see http://www.debian.org/doc/debian-policy/ or 18 | # the debian-policy package 19 | 20 | 21 | case "$1" in 22 | configure) 23 | ;; 24 | 25 | abort-upgrade|abort-remove|abort-deconfigure) 26 | ;; 27 | 28 | *) 29 | echo "postinst called with unknown argument \`$1'" >&2 30 | exit 1 31 | ;; 32 | esac 33 | 34 | # dh_installdeb will replace this with shell code automatically 35 | # generated by other debhelper scripts. 
36 | 37 | #DEBHELPER# 38 | 39 | exit 0 40 | 41 | 42 | -------------------------------------------------------------------------------- /debian/libsetools.postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postrm script for myq 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how this script can be called: 9 | # * `remove' 10 | # * `purge' 11 | # * `upgrade' 12 | # * `failed-upgrade' 13 | # * `abort-install' 14 | # * `abort-install' 15 | # * `abort-upgrade' 16 | # * `disappear' 17 | # 18 | # for details, see http://www.debian.org/doc/debian-policy/ or 19 | # the debian-policy package 20 | 21 | 22 | case "$1" in 23 | purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) 24 | ;; 25 | 26 | *) 27 | echo "postrm called with unknown argument \`$1'" >&2 28 | exit 1 29 | ;; 30 | esac 31 | 32 | # dh_installdeb will replace this with shell code automatically 33 | # generated by other debhelper scripts. 
34 | 35 | #DEBHELPER# 36 | 37 | exit 0 38 | 39 | 40 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | 3 | include /usr/share/cdbs/1/rules/debhelper.mk 4 | include /usr/share/cdbs/1/class/autotools.mk 5 | 6 | DEB_CONFIGURE_EXTRA_FLAGS = \ 7 | --with-tcl=/usr/lib/tcl8.4 --with-tk=/usr/lib/tk8.4 \ 8 | --with-tkinclude=/usr/include/tcl8.4 \ 9 | --enable-swig-java --enable-swig-python --enable-swig-tcl \ 10 | --disable-bwidget-check 11 | 12 | DEB_DH_INSTALL_SOURCEDIR = $(CURDIR)/debian/tmp 13 | 14 | install/libsetools-jni:: 15 | mkdir -p $(CURDIR)/debian/tmp/usr/lib/jni 16 | for i in libjapol libjpoldiff libjqpol libjseaudit libjsefs; do \ 17 | mv $(CURDIR)/debian/tmp/usr/lib/$${i}* $(CURDIR)/debian/tmp/usr/lib/jni; \ 18 | done 19 | 20 | install/python-setools:: 21 | chmod 0644 $(CURDIR)/debian/tmp/usr/lib/setools/*/pkgIndex.tcl 22 | 23 | install/setools-console:: 24 | $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install-logwatch 25 | chmod 0755 $(CURDIR)/debian/tmp/usr/share/setools-3.3/seaudit-report-service 26 | -------------------------------------------------------------------------------- /debian/setools-console.install: -------------------------------------------------------------------------------- 1 | /etc/logwatch/conf/logfiles/seaudit-report-group.conf 2 | /etc/logwatch/conf/services/seaudit-report-service.conf 3 | /etc/logwatch/scripts/services/seaudit-report-service 4 | /usr/bin/findcon 5 | /usr/bin/indexcon 6 | /usr/bin/replcon 7 | /usr/bin/seaudit-report 8 | /usr/bin/sechecker 9 | /usr/bin/sediff 10 | /usr/bin/seinfo 11 | /usr/bin/sesearch 12 | /usr/share/man/man1/findcon.1 13 | /usr/share/man/man1/indexcon.1 14 | /usr/share/man/man1/replcon.1 15 | /usr/share/man/man1/sechecker.1 16 | /usr/share/man/man1/sediff.1 17 | /usr/share/man/man1/seinfo.1 18 | /usr/share/man/man1/sesearch.1 19 | 
/usr/share/man/man8/seaudit-report.8 20 | /usr/share/setools-3.3/seaudit-report-service 21 | /usr/share/setools-3.3/seaudit-report.conf 22 | /usr/share/setools-3.3/seaudit-report.css 23 | /usr/share/setools-3.3/sechecker-profiles/* 24 | /usr/share/setools-3.3/sechecker_help.txt 25 | -------------------------------------------------------------------------------- /debian/setools.install: -------------------------------------------------------------------------------- 1 | /usr/bin/apol 2 | /usr/bin/sediffx 3 | /usr/lib/setools/apol_tcl/* 4 | /usr/sbin/seaudit 5 | /usr/share/man/man1/apol.1 6 | /usr/share/man/man1/sediffx.1 7 | /usr/share/man/man8/seaudit.8 8 | /usr/share/setools-3.3/*.glade 9 | /usr/share/setools-3.3/*.png 10 | /usr/share/setools-3.3/apol.gif 11 | /usr/share/setools-3.3/apol_help.txt 12 | /usr/share/setools-3.3/domaintrans_help.txt 13 | /usr/share/setools-3.3/dot_seaudit 14 | /usr/share/setools-3.3/file_relabel_help.txt 15 | /usr/share/setools-3.3/infoflow_help.txt 16 | /usr/share/setools-3.3/seaudit_help.txt 17 | /usr/share/setools-3.3/sediff_help.txt 18 | /usr/share/setools-3.3/types_relation_help.txt 19 | /usr/share/setools-3.3/apol_perm_mapping* 20 | -------------------------------------------------------------------------------- /debian/setools.menu: -------------------------------------------------------------------------------- 1 | ?package(setools):needs="X11" section="Apps/System"\ 2 | title="apol" command="/usr/bin/apol" 3 | ?package(setools):needs="X11" section="Apps/System"\ 4 | title="sediff" command="/usr/bin/sediff" 5 | ?package(setools):needs="X11" section="Apps/System/Monitoring"\ 6 | title="seaudit" command="/usr/sbin/seaudit" 7 | -------------------------------------------------------------------------------- /debian/setools.postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postinst script for myq 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how 
this script can be called: 9 | # * `configure' 10 | # * `abort-upgrade' 11 | # * `abort-remove' `in-favour' 12 | # 13 | # * `abort-remove' 14 | # * `abort-deconfigure' `in-favour' 15 | # `removing' 16 | # 17 | # for details, see http://www.debian.org/doc/debian-policy/ or 18 | # the debian-policy package 19 | 20 | 21 | case "$1" in 22 | configure) 23 | ;; 24 | 25 | abort-upgrade|abort-remove|abort-deconfigure) 26 | ;; 27 | 28 | *) 29 | echo "postinst called with unknown argument \`$1'" >&2 30 | exit 1 31 | ;; 32 | esac 33 | 34 | # dh_installdeb will replace this with shell code automatically 35 | # generated by other debhelper scripts. 36 | 37 | #DEBHELPER# 38 | 39 | exit 0 40 | 41 | 42 | -------------------------------------------------------------------------------- /debian/setools.postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # postrm script for myq 3 | # 4 | # see: dh_installdeb(1) 5 | 6 | set -e 7 | 8 | # summary of how this script can be called: 9 | # * `remove' 10 | # * `purge' 11 | # * `upgrade' 12 | # * `failed-upgrade' 13 | # * `abort-install' 14 | # * `abort-install' 15 | # * `abort-upgrade' 16 | # * `disappear' 17 | # 18 | # for details, see http://www.debian.org/doc/debian-policy/ or 19 | # the debian-policy package 20 | 21 | 22 | case "$1" in 23 | purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) 24 | ;; 25 | 26 | *) 27 | echo "postrm called with unknown argument \`$1'" >&2 28 | exit 1 29 | ;; 30 | esac 31 | 32 | # dh_installdeb will replace this with shell code automatically 33 | # generated by other debhelper scripts. 
34 | 35 | #DEBHELPER# 36 | 37 | exit 0 38 | 39 | 40 | -------------------------------------------------------------------------------- /debian/watch: -------------------------------------------------------------------------------- 1 | # Example watch control file for uscan 2 | # Rename this file to "watch" and then you can run the "uscan" command 3 | # to check for upstream updates and more. 4 | # See uscan(1) for format 5 | 6 | # Compulsory line, this is a version 3 file 7 | version=3 8 | 9 | # Uncomment to examine a Webpage 10 | # NOTE(review): the URL below is plain HTTP and this file sets no opts= signature check (e.g. pgpsigurlmangle), so uscan cannot authenticate what it downloads; verify the tarball against a trusted checksum or signature before importing it. 11 | http://oss.tresys.com/projects/setools/wiki/download setools-(.*)\.tar\.gz 12 | -------------------------------------------------------------------------------- /libapol/Makefile.am: -------------------------------------------------------------------------------- 1 | if DO_SWIGIFY 2 | MAYBE_SWIG = swig 3 | endif 4 | 5 | SUBDIRS = src include tests $(MAYBE_SWIG) 6 | 7 | libapol.a libapol.so: 8 | $(MAKE) -C src $@ 9 | -------------------------------------------------------------------------------- /libapol/include/Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = apol 2 | -------------------------------------------------------------------------------- /libapol/include/apol/Makefile.am: -------------------------------------------------------------------------------- 1 | apoldir = $(includedir)/apol 2 | 3 | apol_HEADERS = \ 4 | avrule-query.h \ 5 | bool-query.h \ 6 | bounds-query.h \ 7 | bst.h \ 8 | class-perm-query.h \ 9 | condrule-query.h \ 10 | constraint-query.h \ 11 | context-query.h \ 12 | default-object-query.h \ 13 | domain-trans-analysis.h \ 14 | fscon-query.h \ 15 | infoflow-analysis.h \ 16 | isid-query.h \ 17 | mls-query.h \ 18 | mls_level.h \ 19 | mls_range.h \ 20 | netcon-query.h \ 21 | perm-map.h \ 22 | permissive-query.h \ 23 | polcap-query.h \ 24 | policy.h \ 25 | policy-path.h \ 26 | policy-query.h \ 27 | range_trans-query.h \ 28 | rbacrule-query.h \ 29 | 
relabel-analysis.h \ 30 | render.h \ 31 | role-query.h \ 32 | ftrule-query.h \ 33 | terule-query.h \ 34 | type-query.h \ 35 | types-relation-analysis.h \ 36 | user-query.h \ 37 | util.h \ 38 | vector.h 39 | -------------------------------------------------------------------------------- /libapol/src/domain-trans-analysis-internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Protected routines for domain transition analysis. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef APOL_DOMAIN_TRANS_ANALYSIS_INTERNAL_H 27 | #define APOL_DOMAIN_TRANS_ANALYSIS_INTERNAL_H 28 | 29 | /** 30 | * Free all memory associated with a domain transition result, including 31 | * the pointer itself. This function does nothing if the result is NULL. 32 | * @param dtr Pointer to a domain transition result structure to free. 
33 | */ 34 | void domain_trans_result_free(void *dtr); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /libapol/src/infoflow-analysis-internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Protected routines for information flow analysis. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2003-2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef APOL_INFOFLOW_ANALYSIS_INTERNAL_H 27 | #define APOL_INFOFLOW_ANALYSIS_INTERNAL_H 28 | 29 | /** 30 | * Do a deep copy (i.e., a clone) of an apol_infoflow_result_t object. 31 | * The caller is responsible for calling apol_infoflow_result_free() 32 | * upon the returned value. 33 | * 34 | * @param result Pointer to an infoflow result structure to copy. 35 | * 36 | * @return A clone of the passed in result node, or NULL upon error. 
37 | */ 38 | extern apol_infoflow_result_t *infoflow_result_create_from_infoflow_result(const apol_infoflow_result_t * result); 39 | 40 | /** 41 | * Free all memory associated with an information flow analysis 42 | * result, including the pointer itself. This function does nothing 43 | * if the result is already NULL. 44 | * 45 | * @param result Pointer to an infoflow result structure to destroy. 46 | */ 47 | extern void infoflow_result_free(void *result); 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /libapol/src/libapol.map: -------------------------------------------------------------------------------- 1 | VERS_4.0{ 2 | global: 3 | apol_attr_*; 4 | apol_avrule_*; 5 | apol_bool_*; 6 | apol_bst_*; 7 | apol_cat_*; 8 | apol_class_*; 9 | apol_common_*; 10 | apol_cond_*; 11 | apol_config_*; 12 | apol_constraint_*; 13 | apol_context_*; 14 | apol_domain_*; 15 | apol_file_*; 16 | apol_fs_use_*; 17 | apol_genfscon_*; 18 | apol_get_*; 19 | apol_handle_msg; 20 | apol_infoflow_*; 21 | apol_ipv4_addr_render; 22 | apol_ipv6_addr_render; 23 | apol_isid_*; 24 | apol_level_*; 25 | apol_mls_*; 26 | apol_netifcon_*; 27 | apol_nodecon_*; 28 | apol_objclass_to_str; 29 | apol_perm_*; 30 | apol_permmap_*; 31 | apol_policy_*; 32 | apol_policy_path_*; 33 | apol_portcon_*; 34 | apol_protocol_to_str; 35 | apol_qpol_context_render; 36 | apol_range_trans_*; 37 | apol_filename_trans_*; 38 | apol_relabel_*; 39 | apol_role_*; 40 | apol_role_allow_*; 41 | apol_role_trans_*; 42 | apol_rule_type_to_str; 43 | apol_str_*; 44 | apol_syn_*; 45 | apol_terule_*; 46 | apol_type_*; 47 | apol_types_relation_*; 48 | apol_user_*; 49 | apol_validatetrans_*; 50 | apol_vector_*; 51 | libapol_get_version; 52 | local: *; 53 | }; 54 | 55 | VERS_4.1{ 56 | global: 57 | apol_avrule_query_set_all_perms; 58 | apol_bst_inorder_map; 59 | apol_context_convert; 60 | apol_context_create_from_literal; 61 | apol_domain_trans_analysis_append_class; 62 | 
apol_domain_trans_analysis_append_perm; 63 | apol_mls_level_convert; 64 | apol_mls_level_create_from_literal; 65 | apol_mls_level_is_literal; 66 | apol_mls_level_validate; 67 | apol_mls_range_convert; 68 | apol_mls_range_create_from_literal; 69 | apol_mls_range_create_from_string; 70 | apol_mls_range_is_literal; 71 | apol_nodecon_query_set_protocol; 72 | apol_policy_build_domain_trans_table; 73 | apol_policy_get_permmap; 74 | apol_policy_open_permmap; 75 | apol_policy_reset_domain_trans_table; 76 | apol_policy_save_permmap; 77 | apol_policy_set_permmap; 78 | apol_portcon_query_set_protocol; 79 | apol_str_to_protocol; 80 | apol_str_to_objclass; 81 | } VERS_4.0; 82 | 83 | VERS_4.2{ 84 | global: 85 | apol_permissive_*; 86 | apol_typebounds_*; 87 | apol_rolebounds_*; 88 | apol_userbounds_*; 89 | apol_polcap_*; 90 | apol_default_object_*; 91 | } VERS_4.1; 92 | -------------------------------------------------------------------------------- /libapol/src/vector-internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Protected routines for the vector class. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef APOL_VECTOR_INTERNAL_H 27 | #define APOL_VECTOR_INTERNAL_H 28 | 29 | /** 30 | * Change the free function of a vector. Currently, this function is 31 | * friends with the BST class; otherwise consider this to be a private 32 | * function. 33 | */ 34 | void vector_set_free_func(apol_vector_t * v, apol_vector_free_func * fr); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /libapol/swig/Makefile.am: -------------------------------------------------------------------------------- 1 | if DO_SWIGIFY_PYTHON 2 | MAYBE_PYSWIG = python 3 | endif 4 | 5 | if DO_SWIGIFY_JAVA 6 | MAYBE_JSWIG = java 7 | endif 8 | 9 | if DO_SWIGIFY_TCL 10 | MAYBE_TCLSWIG = tcl 11 | endif 12 | 13 | SUBDIRS = $(MAYBE_PYSWIG) $(MAYBE_JSWIG) $(MAYBE_TCLSWIG) 14 | 15 | dist_noinst_DATA = apol.i 16 | -------------------------------------------------------------------------------- /libapol/swig/java/MANIFEST.MF.in: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | 3 | Name: com/tresys/setools/ 4 | Specification-Title: "SETools Java Libraries" 5 | Specification-Version: "@VERSION@" 6 | Specification-Vendor: "Tresys Technology" 7 | Implementation-Title: "com.tresys.setools.apol" 8 | Implementation-Version: "@libapol_version@" 9 | Implementation-Vendor: "Tresys Technology" 10 | Extension-List: qpol 11 | qpol-Extension-Name: com.tresys.setools.qpol 12 | qpol-Implementation-Version: @libqpel_version@ 13 | -------------------------------------------------------------------------------- /libapol/swig/python/Makefile.am: -------------------------------------------------------------------------------- 1 | wrappedso_DATA = 
_apol.so.@libapol_version@ 2 | wrappedso_SONAME = @libapol_pyswig_soname@ 3 | wrappedsodir = $(pkgpyexecdir) 4 | 5 | wrappedpy_DATA = apol.py 6 | wrappedpydir = $(pkgpyexecdir) 7 | 8 | dist_noinst_DATA = $(srcdir)/../apol.i 9 | BUILT_SOURCES = apol_wrap.c 10 | 11 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 12 | @QPOL_CFLAGS@ -I$(top_builddir) -fpic \ 13 | -I$(top_srcdir)/libapol/include 14 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ \ 15 | @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ 16 | DEPENDENCIES = $(top_builddir)/libqpol/src/libqpol.so \ 17 | $(top_builddir)/libapol/src/libapol.so 18 | 19 | $(BUILT_SOURCES): $(dist_noinst_DATA) $(DEPENDENCIES) 20 | $(SWIG) $(SWIG_PYTHON_OPT) -o $@ -I$(top_srcdir)/libapol/include -I$(top_srcdir)/libqpol/swig $< 21 | 22 | $(wrappedso_DATA): $(BUILT_SOURCES) 23 | $(CC) -shared -o $@ $^ $(AM_CFLAGS) $(CFLAGS) $(SWIG_PYTHON_CPPFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 24 | $(LN_S) -f $@ $(wrappedso_SONAME) 25 | $(LN_S) -f $@ _apol.so 26 | 27 | $(wrappedpy_DATA): $(BUILT_SOURCES) 28 | 29 | install-data-hook: 30 | cd $(DESTDIR)$(wrappedsodir) && $(LN_S) -f $(wrappedso_DATA) $(wrappedso_SONAME) 31 | cd $(DESTDIR)$(wrappedsodir) && $(LN_S) -f $(wrappedso_DATA) _apol.so 32 | 33 | uninstall-local: 34 | -rm -rf $(DESTDIR)$(wrappedsodir)/$(wrappedso_SONAME) $(DESTDIR)$(wrappedsodir)/_apol.so 35 | 36 | MOSTLYCLEANFILES = $(BUILT_SOURCES) $(wrappedso_DATA) $(wrappedpy_DATA) $(wrappedso_SONAME) _apol.so apol.pyc 37 | -------------------------------------------------------------------------------- /libapol/swig/tcl/Makefile.am: -------------------------------------------------------------------------------- 1 | wrappedso_DATA = libtapol.so.@libapol_version@ 2 | wrappedso_SONAME = @libapol_tswig_soname@ 3 | short_name = libtapol.so 4 | wrappedsodir = $(libdir)/setools/apol 5 | 6 | package_SCRIPTS = pkgIndex.tcl 7 | packagedir = $(wrappedsodir) 8 | 9 | dist_noinst_DATA = 
$(srcdir)/../apol.i 10 | BUILT_SOURCES = apol_wrap.c 11 | 12 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 13 | @QPOL_CFLAGS@ -I$(top_builddir) -fpic \ 14 | -I$(top_srcdir)/libapol/include 15 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ \ 16 | @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ 17 | DEPENDENCIES = $(top_builddir)/libqpol/src/libqpol.so \ 18 | $(top_builddir)/libapol/src/libapol.so 19 | 20 | $(BUILT_SOURCES): $(dist_noinst_DATA) $(DEPENDENCIES) 21 | $(SWIG) $(SWIG_TCL_OPT) -pkgversion @libapol_version@ -o $@ -I$(top_srcdir)/libapol/include -I$(top_srcdir)/libqpol/swig $< 22 | 23 | $(wrappedso_DATA): $(BUILT_SOURCES) 24 | $(CC) -shared -o $@ $^ $(AM_CFLAGS) $(CFLAGS) $(SWIG_TCL_CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 25 | $(LN_S) -f $@ $(wrappedso_SONAME) 26 | $(LN_S) -f $@ $(short_name) 27 | 28 | $(package_SCRIPTS): $(wrappedso_DATA) 29 | echo "pkg_mkIndex . $^" | LD_LIBRARY_PATH=$(top_builddir)/libqpol/src:$(top_builddir)/libapol/src $(TCLSH_PROG) 30 | chmod 644 $@ 31 | $(mkdir_p) apol 32 | cp $(wrappedso_DATA) $@ apol 33 | 34 | MOSTLYCLEANFILES = $(BUILT_SOURCES) $(wrappedso_DATA) $(wrappedso_SONAME) $(short_name) $(package_DATA) apol/$(wrappedso_DATA) apol/$(package_SCRIPTS) 35 | 36 | CLEANFILES = $(package_SCRIPTS) 37 | -------------------------------------------------------------------------------- /libapol/tests/Makefile.am: -------------------------------------------------------------------------------- 1 | TESTS = libapol-tests 2 | check_PROGRAMS = libapol-tests 3 | 4 | libapol_tests_SOURCES = \ 5 | avrule-tests.c avrule-tests.h \ 6 | dta-tests.c dta-tests.h \ 7 | infoflow-tests.c infoflow-tests.h \ 8 | policy-21-tests.c policy-21-tests.h \ 9 | role-tests.c role-tests.h \ 10 | terule-tests.c terule-tests.h \ 11 | user-tests.c user-tests.h \ 12 | constrain-tests.c constrain-tests.h \ 13 | ../../libqpol/src/queue.c ../../libqpol/src/queue.h \ 14 | libapol-tests.c 15 | 16 | AM_CFLAGS = 
@DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 17 | @QPOL_CFLAGS@ @APOL_CFLAGS@ -DTOP_SRCDIR="\"$(top_srcdir)\"" 18 | 19 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ 20 | 21 | LDADD = @SELINUX_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ @CUNIT_LIB_FLAG@ 22 | 23 | libapol_tests_DEPENDENCIES = ../src/libapol.so 24 | -------------------------------------------------------------------------------- /libapol/tests/avrule-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libapol avrule query tests. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef AVRULE_TESTS_H 27 | #define AVRULE_TESTS_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo avrule_tests[]; 32 | extern int avrule_init(); 33 | extern int avrule_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libapol/tests/constrain-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libapol constraint tests. 5 | * 6 | * 7 | * Copyright (C) 2010 Tresys Technology, LLC 8 | * 9 | * This library is free software; you can redistribute it and/or 10 | * modify it under the terms of the GNU Lesser General Public 11 | * License as published by the Free Software Foundation; either 12 | * version 2.1 of the License, or (at your option) any later version. 13 | * 14 | * This library is distributed in the hope that it will be useful, 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 | * Lesser General Public License for more details. 
18 | * 19 | * You should have received a copy of the GNU Lesser General Public 20 | * License along with this library; if not, write to the Free Software 21 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 22 | */ 23 | 24 | #ifndef CONSTRAIN_TESTS_H 25 | #define CONSTRAIN_TESTS_H 26 | 27 | #include 28 | 29 | extern CU_TestInfo constrain_tests[]; 30 | extern int constrain_init(); 31 | extern int constrain_cleanup(); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /libapol/tests/dta-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libapol domain transition analysis tests. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef DTA_TESTS_H 27 | #define DTA_TESTS_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo dta_tests[]; 32 | extern int dta_init(); 33 | extern int dta_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libapol/tests/infoflow-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libapol information flow analysis tests, both 5 | * direct and transitive. 6 | * 7 | * @author Jeremy A. Mowery jmowery@tresys.com 8 | * @author Jason Tang jtang@tresys.com 9 | * 10 | * Copyright (C) 2007 Tresys Technology, LLC 11 | * 12 | * This library is free software; you can redistribute it and/or 13 | * modify it under the terms of the GNU Lesser General Public 14 | * License as published by the Free Software Foundation; either 15 | * version 2.1 of the License, or (at your option) any later version. 16 | * 17 | * This library is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | * Lesser General Public License for more details. 
21 | * 22 | * You should have received a copy of the GNU Lesser General Public 23 | * License along with this library; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef INFOFLOW_TESTS_H 28 | #define INFOFLOW_TESTS_H 29 | 30 | #include 31 | 32 | extern CU_TestInfo infoflow_tests[]; 33 | extern int infoflow_init(); 34 | extern int infoflow_cleanup(); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /libapol/tests/policy-21-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libapol version 21 policy support. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef POLICY_21_TESTS_H 27 | #define POLICY_21_TESTS_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo policy_21_tests[]; 32 | extern int policy_21_init(); 33 | extern int policy_21_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libapol/tests/role-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libapol role query tests. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef ROLE_TESTS_H 27 | #define ROLE_TESTS_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo role_tests[]; 32 | extern int role_init(); 33 | extern int role_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libapol/tests/terule-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libapol terule query tests. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef TERULE_TESTS_H 27 | #define TERULE_TESTS_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo terule_tests[]; 32 | extern int terule_init(); 33 | extern int terule_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libapol/tests/user-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libapol user query tests. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef USER_TESTS_H 27 | #define USER_TESTS_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo user_tests[]; 32 | extern int user_init(); 33 | extern int user_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libpoldiff/Makefile.am: -------------------------------------------------------------------------------- 1 | if DO_SWIGIFY 2 | MAYBE_SWIG = swig 3 | endif 4 | 5 | SUBDIRS = src include tests $(MAYBE_SWIG) 6 | 7 | libpoldiff.a libpoldiff.so: 8 | $(MAKE) -C src $@ 9 | -------------------------------------------------------------------------------- /libpoldiff/include/Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = poldiff 2 | -------------------------------------------------------------------------------- /libpoldiff/include/poldiff/Makefile.am: -------------------------------------------------------------------------------- 1 | poldiffdir = $(includedir)/poldiff 2 | 3 | poldiff_HEADERS = \ 4 | poldiff.h \ 5 | attrib_diff.h \ 6 | avrule_diff.h \ 7 | bool_diff.h \ 8 | cat_diff.h \ 9 | class_diff.h \ 10 | component_record.h \ 11 | level_diff.h \ 12 | range_diff.h \ 13 | range_trans_diff.h \ 14 | rbac_diff.h \ 15 | role_diff.h \ 16 | terule_diff.h \ 17 | user_diff.h \ 18 | type_diff.h \ 19 | type_map.h \ 20 | util.h 21 | -------------------------------------------------------------------------------- /libpoldiff/include/poldiff/util.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Miscellaneous, uncategorized functions for libpoldiff. 5 | * 6 | * @author Jeremy A. 
Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2006-2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef POLDIFF_UTIL_H 27 | #define POLDIFF_UTIL_H 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | /** 35 | * Return an immutable string describing this library's version. 36 | * 37 | * @return String describing this library. 
38 | */ 39 | extern const char *libpoldiff_get_version(void); 40 | 41 | #ifdef __cplusplus 42 | } 43 | #endif 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /libpoldiff/src/libpoldiff.map: -------------------------------------------------------------------------------- 1 | VERS_1.2{ 2 | global: 3 | poldiff_create; 4 | poldiff_destroy; 5 | poldiff_run; 6 | poldiff_is_run; 7 | poldiff_type_remap_*; 8 | poldiff_get_*; 9 | poldiff_attrib_*; 10 | poldiff_avrule_*; 11 | poldiff_bool_*; 12 | poldiff_cat_*; 13 | poldiff_class_*; 14 | poldiff_common_*; 15 | poldiff_level_*; 16 | poldiff_range_*; 17 | poldiff_range_trans_*; 18 | poldiff_role_*; 19 | poldiff_role_allow_*; 20 | poldiff_role_trans_*; 21 | poldiff_terule_*; 22 | poldiff_type_*; 23 | poldiff_user_*; 24 | libpoldiff_get_version; 25 | poldiff_enable_line_numbers; 26 | local: *; 27 | }; 28 | 29 | VERS_1.3{ 30 | global: 31 | poldiff_avrule_get_stats_allow; 32 | poldiff_avrule_get_stats_auditallow; 33 | poldiff_avrule_get_stats_dontaudit; 34 | poldiff_avrule_get_stats_neverallow; 35 | poldiff_get_avrule_vector_allow; 36 | poldiff_get_avrule_vector_auditallow; 37 | poldiff_get_avrule_vector_dontaudit; 38 | poldiff_get_avrule_vector_neverallow; 39 | poldiff_component_record_*; 40 | poldiff_range_get_min_added_cats; 41 | poldiff_range_get_min_removed_cats; 42 | poldiff_range_get_min_unmodified_cats; 43 | poldiff_role_allow_get_unmodified_roles; 44 | poldiff_terule_get_stats_change; 45 | poldiff_terule_get_stats_member; 46 | poldiff_terule_get_stats_trans; 47 | poldiff_get_terule_vector_change; 48 | poldiff_get_terule_vector_member; 49 | poldiff_get_terule_vector_trans; 50 | } VERS_1.2; 51 | -------------------------------------------------------------------------------- /libpoldiff/src/util.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Implementation of utility functions for libpoldiff. 
5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2006-2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #include 27 | #include 28 | 29 | const char *libpoldiff_get_version(void) 30 | { 31 | return LIBPOLDIFF_VERSION_STRING; 32 | } 33 | -------------------------------------------------------------------------------- /libpoldiff/swig/Makefile.am: -------------------------------------------------------------------------------- 1 | if DO_SWIGIFY_PYTHON 2 | MAYBE_PYSWIG = python 3 | endif 4 | 5 | if DO_SWIGIFY_JAVA 6 | MAYBE_JSWIG = java 7 | endif 8 | 9 | if DO_SWIGIFY_TCL 10 | MAYBE_TCLSWIG = tcl 11 | endif 12 | 13 | SUBDIRS = $(MAYBE_PYSWIG) $(MAYBE_JSWIG) $(MAYBE_TCLSWIG) 14 | 15 | dist_noinst_DATA = poldiff.i 16 | -------------------------------------------------------------------------------- /libpoldiff/swig/java/MANIFEST.MF.in: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | 3 | Name: com/tresys/setools/ 4 | Specification-Title: "SETools Java Libraries" 5 | Specification-Version: "@VERSION@" 6 | Specification-Vendor: "Tresys Technology" 7 | 
Implementation-Title: "com.tresys.setools.poldiff" 8 | Implementation-Version: "@libpoldiff_version@" 9 | Implementation-Vendor: "Tresys Technology" 10 | Extension-List: qpol apol 11 | qpol-Extension-Name: com.tresys.setools.qpol 12 | qpol-Implementation-Version: @libqpol_version@ 13 | apol-Extension-Name: com.tresys.setools.apol 14 | apol-Implementation-Version: @libapol_version@ 15 | -------------------------------------------------------------------------------- /libpoldiff/swig/python/Makefile.am: -------------------------------------------------------------------------------- 1 | wrappedso_DATA = _poldiff.so.@libpoldiff_version@ 2 | wrappedso_SONAME = @libpoldiff_pyswig_soname@ 3 | wrappedsodir = $(pkgpyexecdir) 4 | 5 | wrappedpy_DATA = poldiff.py 6 | wrappedpydir = $(pkgpyexecdir) 7 | 8 | dist_noinst_DATA = $(srcdir)/../poldiff.i 9 | BUILT_SOURCES = poldiff_wrap.c 10 | 11 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 12 | @QPOL_CFLAGS@ @APOL_CFLAGS@ -I$(top_builddir) -fpic \ 13 | -I$(top_srcdir)/libpoldiff/include 14 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ \ 15 | @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ @POLDIFF_LIB_FLAG@ 16 | DEPENDENCIES = $(top_builddir)/libqpol/src/libqpol.so \ 17 | $(top_builddir)/libapol/src/libapol.so \ 18 | $(top_builddir)/libpoldiff/src/libpoldiff.so 19 | 20 | $(BUILT_SOURCES): $(dist_noinst_DATA) $(DEPENDENCIES) 21 | $(SWIG) $(SWIG_PYTHON_OPT) -o $@ \ 22 | -I$(top_srcdir)/libpoldiff/include -I$(top_srcdir)/libapol/include -I$(top_srcdir)/libqpol/include \ 23 | -I$(top_srcdir)/libqpol/swig -I$(top_srcdir)/libapol/swig $< 24 | 25 | $(wrappedso_DATA): $(BUILT_SOURCES) 26 | $(CC) -shared -o $@ $^ $(AM_CFLAGS) $(CFLAGS) $(SWIG_PYTHON_CPPFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 27 | $(LN_S) -f $@ $(wrappedso_SONAME) 28 | $(LN_S) -f $@ _poldiff.so 29 | 30 | $(wrappedpy_DATA): $(BUILT_SOURCES) 31 | 32 | install-data-hook: 33 | cd $(DESTDIR)$(wrappedsodir) && $(LN_S) -f 
$(wrappedso_DATA) $(wrappedso_SONAME) 34 | cd $(DESTDIR)$(wrappedsodir) && $(LN_S) -f $(wrappedso_DATA) _poldiff.so 35 | 36 | uninstall-local: 37 | -rm -rf $(DESTDIR)$(wrappedsodir)/$(wrappedso_SONAME) $(DESTDIR)$(wrappedsodir)/_poldiff.so 38 | 39 | MOSTLYCLEANFILES = $(BUILT_SOURCES) $(wrappedso_DATA) $(wrappedpy_DATA) $(wrappedso_SONAME) _poldiff.so poldiff.pyc 40 | -------------------------------------------------------------------------------- /libpoldiff/swig/tcl/Makefile.am: -------------------------------------------------------------------------------- 1 | wrappedso_DATA = libtpoldiff.so.@libpoldiff_version@ 2 | wrappedso_SONAME = @libpoldiff_tswig_soname@ 3 | short_name = libtpoldiff.so 4 | wrappedsodir = $(libdir)/setools/poldiff 5 | 6 | package_SCRIPTS = pkgIndex.tcl 7 | packagedir = $(wrappedsodir) 8 | 9 | dist_noinst_DATA = $(srcdir)/../poldiff.i 10 | BUILT_SOURCES = poldiff_wrap.c 11 | 12 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 13 | @QPOL_CFLAGS@ @APOL_CFLAGS@ -I$(top_builddir) -fpic \ 14 | -I$(top_srcdir)/libpoldiff/include 15 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ \ 16 | @POLDIFF_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ 17 | DEPENDENCIES = $(top_builddir)/libqpol/src/libqpol.so \ 18 | $(top_builddir)/libapol/src/libapol.so \ 19 | $(top_builddir)/libpoldiff/src/libpoldiff.so 20 | 21 | $(BUILT_SOURCES): $(dist_noinst_DATA) $(DEPENDENCIES) 22 | $(SWIG) $(SWIG_TCL_OPT) -pkgversion @libpoldiff_version@ -o $@ -I$(top_srcdir)/libpoldiff/include -I$(top_srcdir)/libapol/include -I$(top_srcdir)/libapol/swig -I$(top_srcdir)/libqpol/swig $< 23 | 24 | $(wrappedso_DATA): $(BUILT_SOURCES) 25 | $(CC) -shared -o $@ $^ $(AM_CFLAGS) $(CFLAGS) $(SWIG_TCL_CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 26 | $(LN_S) -f $@ $(wrappedso_SONAME) 27 | $(LN_S) -f $@ $(short_name) 28 | 29 | $(package_SCRIPTS): $(wrappedso_DATA) 30 | echo "pkg_mkIndex . 
$^" | LD_LIBRARY_PATH=$(top_builddir)/libqpol/src:$(top_builddir)/libapol/src:$(top_builddir)/libpoldiff/src $(TCLSH_PROG) 31 | chmod 644 $@ 32 | $(mkdir_p) poldiff 33 | cp $(wrappedso_DATA) $@ poldiff 34 | 35 | MOSTLYCLEANFILES = $(BUILT_SOURCES) $(wrappedso_DATA) $(wrappedso_SONAME) $(short_name) $(package_DATA) poldiff/$(wrappedso_DATA) poldiff/$(package_SCRIPTS) 36 | 37 | CLEANFILES = $(package_SCRIPTS) 38 | -------------------------------------------------------------------------------- /libpoldiff/tests/Makefile.am: -------------------------------------------------------------------------------- 1 | TESTS = libpoldiff-tests 2 | check_PROGRAMS = libpoldiff-tests 3 | 4 | libpoldiff_tests_SOURCES = \ 5 | components-tests.c components-tests.h \ 6 | libpoldiff-tests.c libpoldiff-tests.h \ 7 | mls-tests.c mls-tests.h \ 8 | nomls-tests.c nomls-tests.h \ 9 | policy-defs.h \ 10 | rules-tests.c rules-tests.h 11 | 12 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 13 | @QPOL_CFLAGS@ @APOL_CFLAGS@ @POLDIFF_CFLAGS@ 14 | 15 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ 16 | 17 | LDADD = @SELINUX_LIB_FLAG@ @POLDIFF_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ @CUNIT_LIB_FLAG@ 18 | 19 | libpoldiff_tests_DEPENDENCIES = ../src/libpoldiff.so 20 | -------------------------------------------------------------------------------- /libpoldiff/tests/components-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Header file for libpoldiff's correctness of components. 5 | * 6 | * @author Paul Rosenfeld prosenfeld@tresys.com 7 | * 8 | * Copyright (C) 2007 Tresys Technology, LLC 9 | * 10 | * This library is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU Lesser General Public 12 | * License as published by the Free Software Foundation; either 13 | * version 2.1 of the License, or (at your option) any later version. 
14 | * 15 | * This library is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | * Lesser General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU Lesser General Public 21 | * License along with this library; if not, write to the Free Software 22 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #ifndef COMPONENTS_TEST 26 | #define COMPONENTS_TEST 27 | 28 | #define WRAP_NAME_FUNC(component) const char *poldiff_##component##_get_name_w(const void *arg) { \ 29 | const poldiff_##component##_t *cls = (const poldiff_##component##_t *)arg; \ 30 | return poldiff_##component##_get_name(cls); } 31 | 32 | #define WRAP_MOD_FUNC(component,mod_component,mod_type) const apol_vector_t* poldiff_##component##_get_##mod_type##_##mod_component##_w(const void* arg) { \ 33 | const poldiff_##component##_t *cls = (const poldiff_##component##_t *)arg; \ 34 | return poldiff_##component##_get_##mod_type##_##mod_component(cls); } 35 | 36 | void build_component_vecs(component_funcs_t *); 37 | 38 | int components_test_init(); 39 | int components_test_cleanup(); 40 | 41 | void components_attributes_tests(); 42 | void components_bools_tests(); 43 | void components_commons_tests(); 44 | void components_roles_tests(); 45 | void components_users_tests(); 46 | void components_class_tests(); 47 | void components_types_tests(); 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /libpoldiff/tests/mls-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Header file for libpoldiff's correctness of MLS. 
5 | * 6 | * @author Paul Rosenfeld prosenfeld@tresys.com 7 | * 8 | * Copyright (C) 2007 Tresys Technology, LLC 9 | * 10 | * This library is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU Lesser General Public 12 | * License as published by the Free Software Foundation; either 13 | * version 2.1 of the License, or (at your option) any later version. 14 | * 15 | * This library is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | * Lesser General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU Lesser General Public 21 | * License along with this library; if not, write to the Free Software 22 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #ifndef MLS_TEST 26 | #define MLS_TEST 27 | int mls_test_init(); 28 | int mls_test_cleanup(); 29 | 30 | void mls_category_tests(); 31 | void mls_user_tests(); 32 | void mls_rangetrans_tests(); 33 | void mls_level_tests(); 34 | void build_category_vecs(); 35 | void build_rangetrans_vecs(); 36 | void build_level_vecs(); 37 | void build_user_vecs(); 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /libpoldiff/tests/nomls-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Header file for libpoldiff's correctness of MLS versus non-MLS policies. 5 | * 6 | * @author Paul Rosenfeld prosenfeld@tresys.com 7 | * 8 | * Copyright (C) 2007 Tresys Technology, LLC 9 | * 10 | * This library is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU Lesser General Public 12 | * License as published by the Free Software Foundation; either 13 | * version 2.1 of the License, or (at your option) any later version. 
14 | * 15 | * This library is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | * Lesser General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU Lesser General Public 21 | * License along with this library; if not, write to the Free Software 22 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #ifndef NOMLS_TEST 26 | #define NOMLS_TEST 27 | int nomls_test_init(); 28 | int nomls_test_cleanup(); 29 | 30 | void nomls_tests(); 31 | void nomls_unchanged_test(); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /libpoldiff/tests/policy-defs.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Header file defining location of test policies. 5 | * 6 | * @author Paul Rosenfeld prosenfeld@tresys.com 7 | * 8 | * Copyright (C) 2007 Tresys Technology, LLC 9 | * 10 | * This library is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU Lesser General Public 12 | * License as published by the Free Software Foundation; either 13 | * version 2.1 of the License, or (at your option) any later version. 14 | * 15 | * This library is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | * Lesser General Public License for more details. 
19 | * 20 | * You should have received a copy of the GNU Lesser General Public 21 | * License along with this library; if not, write to the Free Software 22 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #ifndef POLICY_DEFS 26 | #define POLICY_DEFS 27 | 28 | #include 29 | 30 | #define POLICY_ROOT TEST_POLICIES "/setools-3.2/sediff" 31 | 32 | #define COMPONENTS_ORIG_POLICY (POLICY_ROOT "/testing-component-orig.conf") 33 | #define COMPONENTS_MOD_POLICY (POLICY_ROOT "/testing-component-mod.conf") 34 | 35 | #define RULES_ORIG_POLICY (POLICY_ROOT "/testing-rules-orig.conf") 36 | #define RULES_MOD_POLICY (POLICY_ROOT "/testing-rules-mod.conf") 37 | 38 | #define MLS_ORIG_POLICY (POLICY_ROOT "/testing-mls-orig.conf") 39 | #define MLS_MOD_POLICY (POLICY_ROOT "/testing-mls-mod.conf") 40 | 41 | #define NOMLS_ORIG_POLICY (POLICY_ROOT "/testing-mls-orig.conf") 42 | #define NOMLS_MOD_POLICY (POLICY_ROOT "/testing-mls-mod-nomls.conf") 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /libpoldiff/tests/rules-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Header file for libpoldiff's correctness of rules. 5 | * 6 | * @author Paul Rosenfeld prosenfeld@tresys.com 7 | * 8 | * Copyright (C) 2007 Tresys Technology, LLC 9 | * 10 | * This library is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU Lesser General Public 12 | * License as published by the Free Software Foundation; either 13 | * version 2.1 of the License, or (at your option) any later version. 14 | * 15 | * This library is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | * Lesser General Public License for more details. 
19 | * 20 | * You should have received a copy of the GNU Lesser General Public 21 | * License along with this library; if not, write to the Free Software 22 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #ifndef RULES_TEST 26 | #define RULES_TEST 27 | int rules_test_init(); 28 | int rules_test_cleanup(); 29 | 30 | void rules_avrules_tests(); 31 | void rules_roleallow_tests(); 32 | void rules_roletrans_tests(); 33 | void rules_terules_tests(); 34 | 35 | void build_avrule_vecs(); 36 | void build_terule_vecs(); 37 | void build_roletrans_vecs(); 38 | void build_roleallow_vecs(); 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /libqpol/Makefile.am: -------------------------------------------------------------------------------- 1 | if DO_SWIGIFY 2 | MAYBE_SWIG = swig 3 | endif 4 | 5 | SUBDIRS = src include tests $(MAYBE_SWIG) 6 | 7 | libqpol.a libqpol.so: 8 | $(MAKE) -C src $@ 9 | -------------------------------------------------------------------------------- /libqpol/include/Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = qpol 2 | -------------------------------------------------------------------------------- /libqpol/include/qpol/Makefile.am: -------------------------------------------------------------------------------- 1 | qpoldir = $(includedir)/qpol 2 | 3 | qpol_HEADERS = \ 4 | avrule_query.h \ 5 | bool_query.h \ 6 | class_perm_query.h \ 7 | cond_query.h \ 8 | constraint_query.h \ 9 | context_query.h \ 10 | default_object_query.h \ 11 | fs_use_query.h \ 12 | genfscon_query.h \ 13 | isid_query.h \ 14 | iterator.h \ 15 | mls_query.h \ 16 | mlsrule_query.h \ 17 | module.h \ 18 | netifcon_query.h \ 19 | nodecon_query.h \ 20 | permissive_query.h \ 21 | bounds_query.h \ 22 | polcap_query.h \ 23 | policy.h \ 24 | policy_extend.h \ 25 | portcon_query.h \ 26 | rbacrule_query.h \ 27 | role_query.h \ 28 | 
syn_rule_query.h \ 29 | terule_query.h \ 30 | ftrule_query.h \ 31 | type_query.h \ 32 | user_query.h \ 33 | util.h 34 | -------------------------------------------------------------------------------- /libqpol/include/qpol/util.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Miscellaneous, uncategorized functions for libqpol. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2006-2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef QPOL_UTIL_H 27 | #define QPOL_UTIL_H 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | /** 35 | * Return an immutable string describing this library's version. 36 | * 37 | * @return String describing this library. 38 | */ 39 | extern const char *libqpol_get_version(void); 40 | 41 | /** 42 | * Find the "default" policy file on the currently running system. 43 | * First try looking for a monolithic source policy; if that does not 44 | * exist then try a monolithic binary policy. 45 | * 46 | * @param path Buffer to store the policy's path. The caller is 47 | * responsible for free()ing this string. 
48 | * 49 | * @return 0 if a policy was found, > 0 if not, < 0 upon error. 50 | */ 51 | extern int qpol_default_policy_find(char **path); 52 | 53 | /* bunzip() a file to '*data', returning the total number of uncompressed bytes 54 | * in the file. Returns -1 if the file could not be decompressed; callers must check for -1 before using '*data' or the returned length. NOTE(review): this comment does not say who frees '*data' -- confirm against the implementation. */ 55 | extern ssize_t qpol_bunzip(FILE *f, char **data); 56 | 57 | #ifdef __cplusplus 58 | } 59 | #endif 60 | 61 | #endif 62 | -------------------------------------------------------------------------------- /libqpol/src/expand.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Public interface for expanding a modular policy. 5 | * 6 | * @author Kevin Carr kcarr@tresys.com 7 | * @author Jeremy A. Mowery jmowery@tresys.com 8 | * @author Jason Tang jtang@tresys.com 9 | * 10 | * Copyright (C) 2006-2007 Tresys Technology, LLC 11 | * 12 | * This library is free software; you can redistribute it and/or 13 | * modify it under the terms of the GNU Lesser General Public 14 | * License as published by the Free Software Foundation; either 15 | * version 2.1 of the License, or (at your option) any later version. 16 | * 17 | * This library is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | * Lesser General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU Lesser General Public 23 | * License along with this library; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef QPOL_EXPAND_H 28 | #define QPOL_EXPAND_H 29 | 30 | #ifdef __cplusplus 31 | extern "C" 32 | { 33 | #endif 34 | 35 | #include 36 | 37 | /** 38 | * Expand a policy. Linking should always be done prior to calling 39 | * this function. 40 | * 41 | * @param base the module to expand.
42 | * @param neverallows if non-zero expand neverallows. 43 | * @return 0 on success, -1 on error. 44 | */ 45 | int qpol_expand_module(qpol_policy_t * base, int neverallows); 46 | 47 | #ifdef __cplusplus 48 | } 49 | #endif 50 | 51 | #endif 52 | -------------------------------------------------------------------------------- /libqpol/src/libqpol.map: -------------------------------------------------------------------------------- 1 | VERS_1.2 { 2 | global: 3 | qpol_avrule_*; 4 | qpol_bool_*; 5 | qpol_cat_*; 6 | qpol_class_*; 7 | qpol_common_*; 8 | qpol_cond_*; 9 | qpol_constraint_*; 10 | qpol_context_*; 11 | qpol_default_policy_find; 12 | qpol_fs_use_*; 13 | qpol_genfscon_*; 14 | qpol_isid_*; 15 | qpol_iterator_end; 16 | qpol_iterator_next; 17 | qpol_iterator_get_*; 18 | qpol_iterator_destroy; 19 | qpol_level_*; 20 | qpol_mls_*; 21 | qpol_module_*; 22 | qpol_netifcon_*; 23 | qpol_nodecon_*; 24 | qpol_perm_*; 25 | qpol_policy_append_module; 26 | qpol_policy_build_syn_rule_table; 27 | qpol_policy_destroy; 28 | qpol_policy_get_*; 29 | qpol_policy_has_capability; 30 | qpol_policy_open_from_file; 31 | qpol_policy_open_from_file_no_rules; 32 | qpol_policy_open_from_memory; 33 | qpol_policy_rebuild; 34 | qpol_policy_reevaluate_conds; 35 | qpol_portcon_*; 36 | qpol_range_trans_*; 37 | qpol_filename_trans_*; 38 | qpol_role_*; 39 | qpol_syn_avrule_*; 40 | qpol_syn_terule_*; 41 | qpol_terule_*; 42 | qpol_type_get_alias_iter; 43 | qpol_type_get_attr_iter; 44 | qpol_type_get_isalias; 45 | qpol_type_get_isattr; 46 | qpol_type_get_name; 47 | qpol_type_get_type_iter; 48 | qpol_type_get_value; 49 | qpol_type_set_*; 50 | qpol_user_*; 51 | qpol_validatetrans_*; 52 | libqpol_get_version; 53 | local: *; 54 | }; 55 | 56 | VERS_1.3 { 57 | global: 58 | qpol_policy_open_from_file; 59 | qpol_policy_open_from_memory; 60 | qpol_policy_rebuild; 61 | } VERS_1.2; 62 | 63 | VERS_1.4 { 64 | global: 65 | qpol_type_get_ispermissive; 66 | qpol_type_get_parent_name; 67 | } VERS_1.3; 68 | 69 | VERS_1.5 
{ 70 | global: 71 | qpol_policy_permissive_*; 72 | qpol_permissive_*; 73 | qpol_typebounds_*; 74 | qpol_rolebounds_*; 75 | qpol_userbounds_*; 76 | qpol_policy_polcap_*; 77 | qpol_polcap_*; 78 | qpol_default_object_*; 79 | } VERS_1.4; 80 | -------------------------------------------------------------------------------- /libqpol/src/queue.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * This file is a copy of queue.h from NSA's CVS repository. 5 | * 6 | * Author : Stephen Smalley, 7 | */ 8 | 9 | /* No changes for SETools libqpol services - Just the header */ 10 | 11 | /* FLASK */ 12 | 13 | /* 14 | * A double-ended queue is a singly linked list of 15 | * elements of arbitrary type that may be accessed 16 | * at either end. 17 | */ 18 | 19 | #ifndef _QUEUE_H_ 20 | #define _QUEUE_H_ 21 | 22 | typedef void *queue_element_t; 23 | 24 | typedef struct queue_node *queue_node_ptr_t; 25 | 26 | typedef struct queue_node { 27 | queue_element_t element; 28 | queue_node_ptr_t next; 29 | } queue_node_t; 30 | 31 | typedef struct queue_info { 32 | queue_node_ptr_t head; 33 | queue_node_ptr_t tail; 34 | } queue_info_t; 35 | 36 | typedef queue_info_t *queue_t; 37 | 38 | queue_t queue_create(void); 39 | int queue_insert(queue_t, queue_element_t); 40 | int queue_push(queue_t, queue_element_t); 41 | queue_element_t queue_remove(queue_t); 42 | queue_element_t queue_head(queue_t); 43 | void queue_destroy(queue_t); 44 | 45 | /* 46 | Applies the specified function f to each element in the 47 | specified queue. 48 | 49 | In addition to passing the element to f, queue_map 50 | passes the specified void* pointer to f on each invocation. 51 | 52 | If f returns a non-zero status, then queue_map will cease 53 | iterating through the queue and will propagate the error 54 | return to its caller.
55 | */ 56 | int queue_map(queue_t, int (*f) (queue_element_t, void *), void *); 57 | 58 | /* 59 | Same as queue_map, except that if f returns a non-zero status, 60 | then the element will be removed from the queue and the g 61 | function will be applied to the element. 62 | */ 63 | void queue_map_remove_on_error(queue_t, 64 | int (*f) (queue_element_t, void *), 65 | void (*g) (queue_element_t, void *), void *); 66 | 67 | #endif 68 | 69 | /* FLASK */ 70 | -------------------------------------------------------------------------------- /libqpol/src/syn_rule_internal.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Protected definition for syntactic rules from the extended 4 | * policy image. 5 | * 6 | * @author Kevin Carr kcarr@tresys.com 7 | * @author Jeremy A. Mowery jmowery@tresys.com 8 | * @author Jason Tang jtang@tresys.com 9 | * 10 | * Copyright (C) 2006-2007 Tresys Technology, LLC 11 | * 12 | * This library is free software; you can redistribute it and/or 13 | * modify it under the terms of the GNU Lesser General Public 14 | * License as published by the Free Software Foundation; either 15 | * version 2.1 of the License, or (at your option) any later version. 16 | * 17 | * This library is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | * Lesser General Public License for more details. 
21 | * 22 | * You should have received a copy of the GNU Lesser General Public 23 | * License along with this library; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | #ifndef QPOL_SYN_RULE_INTERNAL_H 27 | #define QPOL_SYN_RULE_INTERNAL_H 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | struct qpol_syn_rule 35 | { 36 | avrule_t *rule; 37 | cond_node_t *cond; 38 | /** 0 if this rule is unconditional or in a conditional's true branch, 1 if in else */ 39 | int cond_branch; 40 | /* char *mod_name; for later use */ 41 | }; 42 | 43 | #ifdef __cplusplus 44 | } 45 | #endif 46 | 47 | #endif /* QPOL_SYN_RULE_INTERNAL_H */ 48 | -------------------------------------------------------------------------------- /libqpol/swig/Makefile.am: -------------------------------------------------------------------------------- 1 | if DO_SWIGIFY_PYTHON 2 | MAYBE_PYSWIG = python 3 | endif 4 | 5 | if DO_SWIGIFY_JAVA 6 | MAYBE_JSWIG = java 7 | endif 8 | 9 | if DO_SWIGIFY_TCL 10 | MAYBE_TCLSWIG = tcl 11 | endif 12 | 13 | SUBDIRS = $(MAYBE_PYSWIG) $(MAYBE_JSWIG) $(MAYBE_TCLSWIG) 14 | 15 | dist_noinst_DATA = qpol.i 16 | -------------------------------------------------------------------------------- /libqpol/swig/java/MANIFEST.MF.in: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | 3 | Name: com/tresys/setools/ 4 | Specification-Title: "SETools Java Libraries" 5 | Specification-Version: "@VERSION@" 6 | Specification-Vendor: "Tresys Technology" 7 | Implementation-Title: "com.tresys.setools.qpol" 8 | Implementation-Version: "@libqpol_version@" 9 | Implementation-Vendor: "Tresys Technology" 10 | -------------------------------------------------------------------------------- /libqpol/swig/python/Makefile.am: -------------------------------------------------------------------------------- 1 | wrappedso_DATA = _qpol.so.@libqpol_version@ 2 
| wrappedso_SONAME = @libqpol_pyswig_soname@ 3 | wrappedsodir = $(pkgpyexecdir) 4 | 5 | pkgpython_PYTHON = __init__.py 6 | wrappedpy_DATA = qpol.py $(pkgpython_PYTHON) 7 | wrappedpydir = $(pkgpyexecdir) 8 | 9 | dist_noinst_DATA = $(srcdir)/../qpol.i 10 | BUILT_SOURCES = qpol_wrap.c 11 | 12 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 13 | -I$(top_builddir) -fpic \ 14 | -I$(top_srcdir)/libqpol/include 15 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ @QPOL_LIB_FLAG@ @PYTHON_LDFLAGS@ 16 | 17 | $(BUILT_SOURCES): $(dist_noinst_DATA) $(DEPENDENCIES) 18 | $(SWIG) $(SWIG_PYTHON_OPT) -o $@ $< 19 | 20 | $(wrappedso_DATA): $(BUILT_SOURCES) 21 | $(CC) -shared -o $@ $^ $(AM_CFLAGS) $(CFLAGS) $(SWIG_PYTHON_CPPFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 22 | $(LN_S) -f $@ $(wrappedso_SONAME) 23 | $(LN_S) -f $@ _qpol.so 24 | 25 | $(wrappedpy_DATA): $(BUILT_SOURCES) 26 | 27 | install-data-hook: 28 | cd $(DESTDIR)$(wrappedsodir) && $(LN_S) -f $(wrappedso_DATA) $(wrappedso_SONAME) 29 | cd $(DESTDIR)$(wrappedsodir) && $(LN_S) -f $(wrappedso_DATA) _qpol.so 30 | 31 | uninstall-local: 32 | -rm -rf $(DESTDIR)$(wrappedsodir)/$(wrappedso_SONAME) $(DESTDIR)$(wrappedsodir)/_qpol.so 33 | 34 | MOSTLYCLEANFILES = $(BUILT_SOURCES) $(wrappedso_DATA) qpol.py $(wrappedso_SONAME) _qpol.so qpol.pyc 35 | -------------------------------------------------------------------------------- /libqpol/swig/python/__init__.py: -------------------------------------------------------------------------------- 1 | # This file intentionally left blank. 
2 | -------------------------------------------------------------------------------- /libqpol/swig/tcl/Makefile.am: -------------------------------------------------------------------------------- 1 | wrappedso_DATA = libtqpol.so.@libqpol_version@ 2 | wrappedso_SONAME = @libqpol_tswig_soname@ 3 | short_name = libtqpol.so 4 | wrappedsodir = $(libdir)/setools/qpol 5 | 6 | package_SCRIPTS = pkgIndex.tcl 7 | packagedir = $(wrappedsodir) 8 | 9 | dist_noinst_DATA = $(srcdir)/../qpol.i 10 | BUILT_SOURCES = qpol_wrap.c 11 | 12 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 13 | -I$(top_builddir) -fpic \ 14 | -I$(top_srcdir)/libqpol/include 15 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ @QPOL_LIB_FLAG@ @TCL_LIB_SPEC@ 16 | 17 | $(BUILT_SOURCES): $(dist_noinst_DATA) $(DEPENDENCIES) 18 | $(SWIG) $(SWIG_TCL_OPT) -pkgversion @libqpol_version@ -o $@ $< 19 | 20 | $(wrappedso_DATA): $(BUILT_SOURCES) 21 | $(CC) -shared -o $@ $^ $(AM_CFLAGS) $(CFLAGS) $(SWIG_TCL_CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 22 | $(LN_S) -f $@ $(wrappedso_SONAME) 23 | $(LN_S) -f $@ $(short_name) 24 | 25 | libdirs = $(top_builddir)/libqpol/src 26 | 27 | $(package_SCRIPTS): $(wrappedso_DATA) 28 | echo "pkg_mkIndex . 
$^" | LD_LIBRARY_PATH=$(top_builddir)/libqpol/src $(TCLSH_PROG) 29 | chmod 644 $@ 30 | $(mkdir_p) qpol 31 | cp $(wrappedso_DATA) $@ qpol 32 | 33 | MOSTLYCLEANFILES = $(BUILT_SOURCES) $(wrappedso_DATA) $(wrappedso_SONAME) $(short_name) $(package_DATA) qpol/$(wrappedso_DATA) qpol/$(package_SCRIPTS) 34 | 35 | CLEANFILES = $(package_SCRIPTS) 36 | -------------------------------------------------------------------------------- /libqpol/tests/Makefile.am: -------------------------------------------------------------------------------- 1 | TESTS = libqpol-tests 2 | check_PROGRAMS = libqpol-tests 3 | 4 | libqpol_tests_SOURCES = \ 5 | capabilities-tests.c capabilities-tests.h \ 6 | iterators-tests.c iterators-tests.h \ 7 | policy-features-tests.c policy-features-tests.h \ 8 | libqpol-tests.c 9 | 10 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 11 | @QPOL_CFLAGS@ 12 | 13 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ 14 | 15 | LDADD = @SELINUX_LIB_FLAG@ @QPOL_LIB_FLAG@ @CUNIT_LIB_FLAG@ 16 | 17 | libqpol_tests_DEPENDENCIES = ../src/libqpol.so 18 | -------------------------------------------------------------------------------- /libqpol/tests/capabilities-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libqpol capabilities tests. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 
15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef CAPABILITES_TESTS_H 27 | #define CAPABILITES_TESTS_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo capabilities_tests[]; 32 | extern int capabilities_init(); 33 | extern int capabilities_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libqpol/tests/iterators-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libqpol iterator tests. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef ITERATORS_TESTS_H 27 | #define ITERATORS_TESTS_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo iterators_tests[]; 32 | extern int iterators_init(); 33 | extern int iterators_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libqpol/tests/libqpol-tests.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * CUnit testing framework for libqpol. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 
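20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #include 27 | 28 | #include 29 | #include 30 | 31 | #include "capabilities-tests.h" 32 | #include "iterators-tests.h" 33 | #include "policy-features-tests.h" 34 |
/**
 * Run the libqpol CUnit suites in verbose basic mode.
 *
 * @return 0 when no failure record exists after the run, 1 when at
 * least one failure was recorded, or the CUnit error code when the
 * registry could not be initialized or the suites could not be
 * registered.
 */
int main(void)
{
	if (CU_initialize_registry() != CUE_SUCCESS) {
		return CU_get_error();
	}

	CU_SuiteInfo suites[] = {
		{"Capabilities", capabilities_init, capabilities_cleanup, capabilities_tests}
		,
		{"Iterators", iterators_init, iterators_cleanup, iterators_tests}
		,
		{"Policy Features", policy_features_init, policy_features_cleanup, policy_features_tests}
		,
		CU_SUITE_INFO_NULL
	};

	/* If registration fails no test runs, and zero failure records
	 * would otherwise be reported as a passing run. */
	if (CU_register_suites(suites) != CUE_SUCCESS) {
		/* Read the error before cleaning up the registry. */
		int reg_error = CU_get_error();
		CU_cleanup_registry();
		return reg_error;
	}
	CU_basic_set_mode(CU_BRM_VERBOSE);
	CU_basic_run_tests();
	unsigned int num_failures = CU_get_number_of_failure_records();
	CU_cleanup_registry();
	/* The parent process sees only the low 8 bits of the exit status,
	 * so a raw failure count that is a multiple of 256 would read as
	 * success; report pass/fail instead of the count. */
	return num_failures != 0;
}
58 | -------------------------------------------------------------------------------- /libqpol/tests/policy-features-tests.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libqpol tests for reading special types of policies. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 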
15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef POLICY_FEATURES_TESTS_H 27 | #define POLICY_FEATURES_TESTS_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo policy_features_tests[]; 32 | extern int policy_features_init(); 33 | extern int policy_features_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libseaudit/Makefile.am: -------------------------------------------------------------------------------- 1 | if DO_SWIGIFY 2 | MAYBE_SWIG = swig 3 | endif 4 | 5 | SUBDIRS = src include tests $(MAYBE_SWIG) 6 | 7 | libseaudit.a libseaudit.so: 8 | $(MAKE) -C src $@ 9 | -------------------------------------------------------------------------------- /libseaudit/include/Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = seaudit -------------------------------------------------------------------------------- /libseaudit/include/seaudit/Makefile.am: -------------------------------------------------------------------------------- 1 | seauditdir = $(includedir)/seaudit 2 | 3 | seaudit_HEADERS = \ 4 | avc_message.h \ 5 | bool_message.h \ 6 | filter.h \ 7 | load_message.h \ 8 | log.h \ 9 | message.h \ 10 | model.h \ 11 | parse.h \ 12 | report.h \ 13 | sort.h \ 14 | util.h 15 | -------------------------------------------------------------------------------- /libseaudit/include/seaudit/bool_message.h: -------------------------------------------------------------------------------- 1 
| /** 2 | * @file 3 | * Public interface for a single boolean change log message. This is 4 | * a subclass of seaudit_message; it has no publicly accessible 5 | * functions. 6 | * 7 | * @author Jeremy A. Mowery jmowery@tresys.com 8 | * @author Jason Tang jtang@tresys.com 9 | * 10 | * Copyright (C) 2006-2007 Tresys Technology, LLC 11 | * 12 | * This library is free software; you can redistribute it and/or 13 | * modify it under the terms of the GNU Lesser General Public 14 | * License as published by the Free Software Foundation; either 15 | * version 2.1 of the License, or (at your option) any later version. 16 | * 17 | * This library is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | * Lesser General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU Lesser General Public 23 | * License along with this library; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef SEAUDIT_BOOL_MESSAGE_H 28 | #define SEAUDIT_BOOL_MESSAGE_H 29 | 30 | #include 31 | 32 | #ifdef __cplusplus 33 | extern "C" 34 | { 35 | #endif 36 | 37 | typedef struct seaudit_bool_message seaudit_bool_message_t; 38 | 39 | #ifdef __cplusplus 40 | } 41 | #endif 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /libseaudit/include/seaudit/load_message.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Public interface for a single loaded policy log message. This is 4 | * a subclass of seaudit_message; it has no publicly accessible 5 | * functions. 6 | * 7 | * @author Jeremy A. 
Mowery jmowery@tresys.com 8 | * @author Jason Tang jtang@tresys.com 9 | * 10 | * Copyright (C) 2006-2007 Tresys Technology, LLC 11 | * 12 | * This library is free software; you can redistribute it and/or 13 | * modify it under the terms of the GNU Lesser General Public 14 | * License as published by the Free Software Foundation; either 15 | * version 2.1 of the License, or (at your option) any later version. 16 | * 17 | * This library is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 20 | * Lesser General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU Lesser General Public 23 | * License along with this library; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef SEAUDIT_LOAD_MESSAGE_H 28 | #define SEAUDIT_LOAD_MESSAGE_H 29 | 30 | #ifdef __cplusplus 31 | extern "C" 32 | { 33 | #endif 34 | 35 | typedef struct seaudit_load_message seaudit_load_message_t; 36 | 37 | #ifdef __cplusplus 38 | } 39 | #endif 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /libseaudit/include/seaudit/util.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Miscellaneous, uncategorized functions for libseaudit. 4 | * 5 | * @author Jeremy A. Mowery jmowery@tresys.com 6 | * @author Jason Tang jtang@tresys.com 7 | * 8 | * Copyright (C) 2003-2007 Tresys Technology, LLC 9 | * 10 | * This library is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU Lesser General Public 12 | * License as published by the Free Software Foundation; either 13 | * version 2.1 of the License, or (at your option) any later version. 
14 | * 15 | * This library is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | * Lesser General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU Lesser General Public 21 | * License along with this library; if not, write to the Free Software 22 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #ifndef SEAUDIT_UTIL_H 26 | #define SEAUDIT_UTIL_H 27 | 28 | #ifdef __cplusplus 29 | extern "C" 30 | { 31 | #endif 32 | 33 | /** 34 | * Return an immutable string describing this library's version. 35 | * 36 | * @return String describing this library. 37 | */ 38 | extern const char *libseaudit_get_version(void); 39 | 40 | #ifdef __cplusplus 41 | } 42 | #endif 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /libseaudit/src/Makefile.am: -------------------------------------------------------------------------------- 1 | lib_LIBRARIES = libseaudit.a 2 | 3 | seauditso_DATA = libseaudit.so.@libseaudit_version@ 4 | seauditsodir = $(libdir) 5 | 6 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 7 | @APOL_CFLAGS@ @QPOL_CFLAGS@ @XML_CFLAGS@ -I$(srcdir)/../include -fpic 8 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ 9 | 10 | libseaudit_a_SOURCES = \ 11 | avc_message.c \ 12 | bool_message.c \ 13 | filter.c filter-internal.c filter-internal.h \ 14 | load_message.c \ 15 | log.c \ 16 | message.c \ 17 | model.c \ 18 | parse.c \ 19 | report.c \ 20 | sort.c \ 21 | util.c \ 22 | seaudit_internal.h 23 | 24 | libseaudit_a_DEPENDENCIES = $(top_builddir)/libapol/src/libapol.so 25 | 26 | libseaudit_so_OBJS = $(patsubst %.c,%.o,$(filter %.c,$(libseaudit_a_SOURCES))) 27 | LIBSEAUDIT_SONAME = @libseaudit_soname@ 28 | 29 | dist_noinst_DATA = libseaudit.map 30 | 31 | 
$(seauditso_DATA): $(libseaudit_so_OBJS) libseaudit.map 32 | $(CC) -shared -o $@ $(libseaudit_so_OBJS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(LIBSEAUDIT_SONAME),--version-script=$(srcdir)/libseaudit.map,-z,defs $(top_builddir)/libqpol/src/libqpol.so $(top_builddir)/libapol/src/libapol.so $(XML_LIBS) -lselinux 33 | $(LN_S) -f $@ @libseaudit_soname@ 34 | $(LN_S) -f $@ libseaudit.so 35 | 36 | libseaudit.so: $(seauditso_DATA) 37 | 38 | $(top_builddir)/libapol/src/libapol.so: 39 | $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@) 40 | 41 | $(top_builddir)/libqpol/src/libqpol.so: 42 | $(MAKE) -C $(top_builddir)/libqpol/src $(notdir $@) 43 | 44 | install-data-hook: 45 | cd $(DESTDIR)$(seauditsodir) && $(LN_S) -f $(seauditso_DATA) @libseaudit_soname@ 46 | cd $(DESTDIR)$(seauditsodir) && $(LN_S) -f $(seauditso_DATA) libseaudit.so 47 | 48 | mostlyclean-local: 49 | -rm -rf *.gcno *.gcda *.gprof *.gcov libseaudit.so @libseaudit_soname@ $(seauditso_DATA) 50 | 51 | uninstall-local: 52 | -rm -rf $(DESTDIR)$(seauditsodir)/$(seauditso_DATA) $(DESTDIR)$(seauditsodir)/@libseaudit_soname@ $(DESTDIR)$(seauditsodir)/libseaudit.so 53 | -------------------------------------------------------------------------------- /libseaudit/src/util.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Implementation of utility functions. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2006-2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 
15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #include 27 | #include 28 | /** Return the library version string: the value of the LIBSEAUDIT_VERSION_STRING macro, which is not defined in this file. */ 29 | const char *libseaudit_get_version(void) 30 | { 31 | return LIBSEAUDIT_VERSION_STRING; 32 | } 33 | -------------------------------------------------------------------------------- /libseaudit/swig/Makefile.am: -------------------------------------------------------------------------------- 1 | if DO_SWIGIFY_PYTHON 2 | MAYBE_PYSWIG = python 3 | endif 4 | 5 | if DO_SWIGIFY_JAVA 6 | MAYBE_JSWIG = java 7 | endif 8 | 9 | if DO_SWIGIFY_TCL 10 | MAYBE_TCLSWIG = tcl 11 | endif 12 | 13 | SUBDIRS = $(MAYBE_PYSWIG) $(MAYBE_JSWIG) $(MAYBE_TCLSWIG) 14 | 15 | dist_noinst_DATA = seaudit.i 16 | -------------------------------------------------------------------------------- /libseaudit/swig/java/MANIFEST.MF.in: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | 3 | Name: com/tresys/setools/ 4 | Specification-Title: "SETools Java Libraries" 5 | Specification-Version: "@VERSION@" 6 | Specification-Vendor: "Tresys Technology" 7 | Implementation-Title: "com.tresys.setools.seaudit" 8 | Implementation-Version: "@libseaudit_version@" 9 | Implementation-Vendor: "Tresys Technology" 10 | Extension-List: qpol apol 11 | qpol-Extension-Name: com.tresys.setools.qpol 12 | qpol-Implementation-Version: @libqpol_version@ 13 | apol-Extension-Name: com.tresys.setools.apol 14 | apol-Implementation-Version: @libapol_version@ 15 | 
-------------------------------------------------------------------------------- /libseaudit/swig/python/Makefile.am: -------------------------------------------------------------------------------- 1 | wrappedso_DATA = _seaudit.so.@libseaudit_version@ 2 | wrappedso_SONAME = @libseaudit_pyswig_soname@ 3 | wrappedsodir = $(pkgpyexecdir) 4 | 5 | wrappedpy_DATA = seaudit.py 6 | wrappedpydir = $(pkgpyexecdir) 7 | 8 | dist_noinst_DATA = $(srcdir)/../seaudit.i 9 | BUILT_SOURCES = seaudit_wrap.c 10 | 11 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 12 | @QPOL_CFLAGS@ @APOL_CFLAGS@ -I$(top_builddir) -fpic \ 13 | -I$(top_srcdir)/libseaudit/include 14 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ \ 15 | @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ @SEAUDIT_LIB_FLAG@ @XML_LIBS@ 16 | DEPENDENCIES = $(top_builddir)/libqpol/src/libqpol.so \ 17 | $(top_builddir)/libapol/src/libapol.so \ 18 | $(top_builddir)/libseaudit/src/libseaudit.so 19 | 20 | $(BUILT_SOURCES): $(dist_noinst_DATA) $(DEPENDENCIES) 21 | $(SWIG) $(SWIG_PYTHON_OPT) -o $@ \ 22 | -I$(top_srcdir)/libseaudit/include -I$(top_srcdir)/libapol/include -I$(top_srcdir)/libqpol/include \ 23 | -I$(top_srcdir)/libqpol/swig -I$(top_srcdir)/libapol/swig $< 24 | 25 | $(wrappedso_DATA): $(BUILT_SOURCES) 26 | $(CC) -shared -o $@ $^ $(AM_CFLAGS) $(CFLAGS) $(SWIG_PYTHON_CPPFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 27 | $(LN_S) -f $@ $(wrappedso_SONAME) 28 | $(LN_S) -f $@ _seaudit.so 29 | 30 | $(wrappedpy_DATA): $(BUILT_SOURCES) 31 | 32 | install-data-hook: 33 | cd $(DESTDIR)$(wrappedsodir) && $(LN_S) -f $(wrappedso_DATA) $(wrappedso_SONAME) 34 | cd $(DESTDIR)$(wrappedsodir) && $(LN_S) -f $(wrappedso_DATA) _seaudit.so 35 | 36 | uninstall-local: 37 | -rm -rf $(DESTDIR)$(wrappedsodir)/$(wrappedso_SONAME) $(DESTDIR)$(wrappedsodir)/_seaudit.so 38 | 39 | MOSTLYCLEANFILES = $(BUILT_SOURCES) $(wrappedso_DATA) $(wrappedpy_DATA) $(wrappedso_SONAME) _seaudit.so seaudit.pyc 40 | 
-------------------------------------------------------------------------------- /libseaudit/swig/tcl/Makefile.am: -------------------------------------------------------------------------------- 1 | wrappedso_DATA = libtseaudit.so.@libseaudit_version@ 2 | wrappedso_SONAME = @libseaudit_tswig_soname@ 3 | short_name = libtseaudit.so 4 | wrappedsodir = $(libdir)/setools/seaudit 5 | 6 | package_SCRIPTS = pkgIndex.tcl 7 | packagedir = $(wrappedsodir) 8 | 9 | dist_noinst_DATA = $(srcdir)/../seaudit.i 10 | BUILT_SOURCES = seaudit_wrap.c 11 | 12 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 13 | @QPOL_CFLAGS@ @APOL_CFLAGS@ -I$(top_builddir) -fpic \ 14 | -I$(top_srcdir)/libseaudit/include 15 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ \ 16 | @SEAUDIT_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ @XML_LIBS@ 17 | DEPENDENCIES = $(top_builddir)/libqpol/src/libqpol.so \ 18 | $(top_builddir)/libapol/src/libapol.so \ 19 | $(top_builddir)/libseaudit/src/libseaudit.so 20 | 21 | $(BUILT_SOURCES): $(dist_noinst_DATA) $(DEPENDENCIES) 22 | $(SWIG) $(SWIG_TCL_OPT) -pkgversion @libseaudit_version@ -o $@ -I$(top_srcdir)/libseaudit/include -I$(top_srcdir)/libapol/include -I$(top_srcdir)/libapol/swig -I$(top_srcdir)/libqpol/swig $< 23 | 24 | $(wrappedso_DATA): $(BUILT_SOURCES) 25 | $(CC) -shared -o $@ $^ $(AM_CFLAGS) $(CFLAGS) $(SWIG_TCL_CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 26 | $(LN_S) -f $@ $(wrappedso_SONAME) 27 | $(LN_S) -f $@ $(short_name) 28 | 29 | $(package_SCRIPTS): $(wrappedso_DATA) 30 | echo "pkg_mkIndex . 
$^" | LD_LIBRARY_PATH=$(top_builddir)/libqpol/src:$(top_builddir)/libapol/src:$(top_builddir)/libseaudit/src $(TCLSH_PROG) 31 | chmod 644 $@ 32 | $(mkdir_p) seaudit 33 | cp $(wrappedso_DATA) $@ seaudit 34 | 35 | MOSTLYCLEANFILES = $(BUILT_SOURCES) $(wrappedso_DATA) $(wrappedso_SONAME) $(short_name) $(package_DATA) seaudit/$(wrappedso_DATA) seaudit/$(package_SCRIPTS) 36 | 37 | CLEANFILES = $(package_SCRIPTS) 38 | -------------------------------------------------------------------------------- /libseaudit/tests/Makefile.am: -------------------------------------------------------------------------------- 1 | TESTS = libseaudit-tests 2 | check_PROGRAMS = libseaudit-tests 3 | 4 | libseaudit_tests_SOURCES = \ 5 | filters.c filters.h \ 6 | parse_file.c parse_file.h \ 7 | libseaudit-tests.c 8 | 9 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 10 | @QPOL_CFLAGS@ @APOL_CFLAGS@ @SEAUDIT_CFLAGS@ 11 | 12 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ 13 | 14 | LDADD = @SELINUX_LIB_FLAG@ @SEAUDIT_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ @CUNIT_LIB_FLAG@ 15 | 16 | libseaudit_tests_DEPENDENCIES = ../src/libseaudit.so 17 | -------------------------------------------------------------------------------- /libseaudit/tests/filters.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for using filters in libseaudit. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 
15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef FILTERS_H 27 | #define FILTERS_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo filters_tests[]; 32 | extern int filters_init(); 33 | extern int filters_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libseaudit/tests/libseaudit-tests.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * CUnit testing framework for libseaudit. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 
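20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #include 27 | 28 | #include 29 | #include 30 | 31 | #include "filters.h" 32 | #include "parse_file.h" 33 |
/**
 * Run the libseaudit CUnit suites in verbose basic mode.
 *
 * @return 0 when no failure record exists after the run, 1 when at
 * least one failure was recorded, or the CUnit error code when the
 * registry could not be initialized or the suites could not be
 * registered.
 */
int main(void)
{
	if (CU_initialize_registry() != CUE_SUCCESS) {
		return CU_get_error();
	}

	CU_SuiteInfo suites[] = {
		{"Parse File", parse_file_init, parse_file_cleanup, parse_file_tests}
		,
		{"Filters", filters_init, filters_cleanup, filters_tests}
		,
		CU_SUITE_INFO_NULL
	};

	/* If registration fails no test runs, and zero failure records
	 * would otherwise be reported as a passing run. */
	if (CU_register_suites(suites) != CUE_SUCCESS) {
		/* Read the error before cleaning up the registry. */
		int reg_error = CU_get_error();
		CU_cleanup_registry();
		return reg_error;
	}
	CU_basic_set_mode(CU_BRM_VERBOSE);
	CU_basic_run_tests();
	unsigned int num_failures = CU_get_number_of_failure_records();
	CU_cleanup_registry();
	/* The parent process sees only the low 8 bits of the exit status,
	 * so a raw failure count that is a multiple of 256 would read as
	 * success; report pass/fail instead of the count. */
	return num_failures != 0;
}
55 | -------------------------------------------------------------------------------- /libseaudit/tests/parse_file.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for parsing selinux audit logs from a file pointer. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 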
20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef PARSE_FILE_H 27 | #define PARSE_FILE_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo parse_file_tests[]; 32 | extern int parse_file_init(); 33 | extern int parse_file_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libsefs/Makefile.am: -------------------------------------------------------------------------------- 1 | if DO_SWIGIFY 2 | MAYBE_SWIG = swig 3 | endif 4 | 5 | SUBDIRS = src include tests $(MAYBE_SWIG) 6 | 7 | libsefs.a libsefs.so: 8 | $(MAKE) -C src $@ 9 | -------------------------------------------------------------------------------- /libsefs/include/Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = sefs 2 | -------------------------------------------------------------------------------- /libsefs/include/sefs/Makefile.am: -------------------------------------------------------------------------------- 1 | sefsdir = $(includedir)/sefs 2 | 3 | sefs_HEADERS = \ 4 | db.hh \ 5 | entry.hh \ 6 | fcfile.hh \ 7 | fclist.hh \ 8 | filesystem.hh \ 9 | query.hh \ 10 | util.h 11 | -------------------------------------------------------------------------------- /libsefs/include/sefs/util.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Miscellaneous, uncategorized functions for libsefs. 5 | * 6 | * @author Jeremy A. 
Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2006-2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef SEFS_UTIL_H 27 | #define SEFS_UTIL_H 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | /** 35 | * Return an immutable string describing this library's version. 36 | * 37 | * @return String describing this library. 38 | */ 39 | extern const char *libsefs_get_version(void); 40 | 41 | /** 42 | * Return the name (path + filename) of the file_contexts file for the 43 | * currently running SELinux system. If the system is not running 44 | * SELinux then return an empty string (""). 45 | * 46 | * @return The name of the default file_contexts file (if system is 47 | * running SELinux), an empty string (if not SELinux), or NULL upon 48 | * error. The caller must free() the string afterwards. 
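49 | */ 50 | extern char *sefs_default_file_contexts_get_path(void); 51 | 52 | #ifdef __cplusplus 53 | } 54 | #endif 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /libsefs/src/Makefile.am: -------------------------------------------------------------------------------- 1 | lib_LIBRARIES = libsefs.a 2 | 3 | sefsso_DATA = libsefs.so.@libsefs_version@ 4 | sefssodir = $(libdir) 5 | 6 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 7 | @QPOL_CFLAGS@ @APOL_CFLAGS@ @SQLITE3_CFLAGS@ -I$(srcdir)/../include -fpic 8 | AM_CXXFLAGS = @DEBUGCXXFLAGS@ @WARNCXXFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 9 | @QPOL_CFLAGS@ @APOL_CFLAGS@ @SQLITE3_CFLAGS@ -I$(srcdir)/../include -fpic 10 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ 11 | 12 | libsefs_a_SOURCES = \ 13 | db.cc \ 14 | entry.cc \ 15 | fcfile.cc \ 16 | fclist.cc \ 17 | filesystem.cc \ 18 | new_ftw.c new_ftw.h \ 19 | query.cc \ 20 | sefs_internal.hh \ 21 | util.c 22 | 23 | libsefs_a_DEPENDENCIES = \ 24 | $(top_builddir)/libapol/src/libapol.so \ 25 | $(top_builddir)/libqpol/src/libqpol.so 26 | 27 | libsefs_so_OBJS = $(patsubst %.c,%.o,$(filter %.c,$(libsefs_a_SOURCES))) $(patsubst %.cc,%.o,$(filter %.cc,$(libsefs_a_SOURCES))) 28 | libsefs_so_OBJS += $(patsubst %.c,libsqlite_a-%.o,$(filter %.c,$(notdir $(libsqlite_a_SOURCES)))) 29 | 30 | LIBSEFS_SONAME = @libsefs_soname@ 31 | 32 | dist_noinst_DATA = libsefs.map 33 | 34 | $(sefsso_DATA): $(libsefs_so_OBJS) libsefs.map 35 | $(CXX) -shared -o $@ $(libsefs_so_OBJS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(LIBSEFS_SONAME),--version-script=$(srcdir)/libsefs.map,-z,defs $(top_builddir)/libqpol/src/libqpol.so $(top_builddir)/libapol/src/libapol.so $(SQLITE3_LIBS) -lselinux -lsepol 36 | $(LN_S) -f $@ @libsefs_soname@ 37 | $(LN_S) -f $@ libsefs.so 38 | 39 | libsefs.so: $(sefsso_DATA) # the versioned library's recipe also creates this symlink 40 | 41 | $(top_builddir)/libapol/src/libapol.so: 42 | $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@) 43 |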
44 | install-data-hook: 45 | cd $(DESTDIR)$(sefssodir) && $(LN_S) -f $(sefsso_DATA) @libsefs_soname@ 46 | cd $(DESTDIR)$(sefssodir) && $(LN_S) -f $(sefsso_DATA) libsefs.so 47 | 48 | mostlyclean-local: 49 | -rm -rf *.gcno *.gcda *.gprof *.gcov libsefs.so @libsefs_soname@ $(sefsso_DATA) 50 | 51 | uninstall-local: 52 | -rm -rf $(DESTDIR)$(sefssodir)/$(sefsso_DATA) $(DESTDIR)$(sefssodir)/@libsefs_soname@ $(DESTDIR)$(sefssodir)/libsefs.so 53 | -------------------------------------------------------------------------------- /libsefs/src/libsefs.map: -------------------------------------------------------------------------------- 1 | VERS_4.0 { 2 | global: 3 | extern "C++" { 4 | # typeinfo exports 5 | *sefs_db; 6 | *sefs_entry; 7 | *sefs_fcfile; 8 | *sefs_fclist; 9 | *sefs_filesystem; 10 | *sefs_query; 11 | *std::invalid_argument; 12 | 13 | sefs_db::*; 14 | sefs_entry::*; 15 | sefs_fcfile::*; 16 | sefs_fclist::*; 17 | sefs_filesystem::*; 18 | sefs_query::*; 19 | }; 20 | sefs_db_*; 21 | sefs_default_file_contexts_get_path; 22 | sefs_entry_*; 23 | sefs_fcfile_*; 24 | sefs_fclist_*; 25 | sefs_filesystem_*; 26 | sefs_query_*; 27 | libsefs_get_version; 28 | local: *; 29 | }; 30 | -------------------------------------------------------------------------------- /libsefs/src/util.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Implementation of utility functions for libsefs. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2006-2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 
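15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #include 27 | 28 | #include 29 | 30 | #ifdef LIBSELINUX 31 | #include 32 | #endif 33 | /* Returns LIBSEFS_VERSION_STRING. */ 34 | const char *libsefs_get_version(void) 35 | { 36 | return LIBSEFS_VERSION_STRING; 37 | } 38 | /* Returns a heap copy of the default file_contexts path, or of "" when built without LIBSELINUX; NULL when no copy could be made. */ 39 | char *sefs_default_file_contexts_get_path(void) 40 | { 41 | #ifdef LIBSELINUX 42 | /* selinux_file_context_path() may hand back NULL (e.g. no usable SELinux configuration), and strdup(NULL) is undefined behavior; return NULL instead, which util.h documents as the error result. */ const char *path = selinux_file_context_path(); return path != NULL ? strdup(path) : NULL; 43 | #else 44 | return strdup(""); 45 | #endif 46 | } 47 | -------------------------------------------------------------------------------- /libsefs/swig/Makefile.am: -------------------------------------------------------------------------------- 1 | if DO_SWIGIFY_PYTHON 2 | MAYBE_PYSWIG = python 3 | endif 4 | 5 | if DO_SWIGIFY_JAVA 6 | MAYBE_JSWIG = java 7 | endif 8 | 9 | if DO_SWIGIFY_TCL 10 | MAYBE_TCLSWIG = tcl 11 | endif 12 | 13 | SUBDIRS = $(MAYBE_PYSWIG) $(MAYBE_JSWIG) $(MAYBE_TCLSWIG) 14 | 15 | dist_noinst_DATA = sefs.i 16 | -------------------------------------------------------------------------------- /libsefs/swig/java/MANIFEST.MF.in: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | 3 | Name: com/tresys/setools/ 4 | Specification-Title: "SETools Java Libraries" 5 | Specification-Version: "@VERSION@" 6 | Specification-Vendor: "Tresys Technology" 7 | Implementation-Title: "com.tresys.setools.sefs" 8 | Implementation-Version: "@libsefs_version@" 9 | Implementation-Vendor: "Tresys Technology" 10 | Extension-List: qpol apol 11 | qpol-Extension-Name: 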
com.tresys.setools.qpol 12 | qpol-Implementation-Version: @libqpol_version@ 13 | apol-Extension-Name: com.tresys.setools.apol 14 | apol-Implementation-Version: @libapol_version@ 15 | -------------------------------------------------------------------------------- /libsefs/swig/python/Makefile.am: -------------------------------------------------------------------------------- 1 | wrappedso_DATA = _sefs.so.@libsefs_version@ 2 | wrappedso_SONAME = @libsefs_pyswig_soname@ 3 | wrappedsodir = $(pkgpyexecdir) 4 | 5 | wrappedpy_DATA = sefs.py 6 | wrappedpydir = $(pkgpyexecdir) 7 | 8 | dist_noinst_DATA = $(srcdir)/../sefs.i 9 | BUILT_SOURCES = sefs_wrap.cc 10 | 11 | AM_CXXFLAGS = @DEBUGCXXFLAGS@ @WARNCXXFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 12 | @QPOL_CFLAGS@ @APOL_CFLAGS@ -I$(top_builddir) -fpic \ 13 | -I$(top_srcdir)/libsefs/include 14 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ @PYTHON_LDFLAGS@ \ 15 | @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ @SEFS_LIB_FLAG@ @XML_LIBS@ 16 | DEPENDENCIES = $(top_builddir)/libqpol/src/libqpol.so \ 17 | $(top_builddir)/libapol/src/libapol.so \ 18 | $(top_builddir)/libsefs/src/libsefs.so 19 | 20 | $(BUILT_SOURCES): $(dist_noinst_DATA) $(DEPENDENCIES) 21 | $(SWIG) -c++ $(SWIG_PYTHON_OPT) -o $@ \ 22 | -I$(top_srcdir)/libsefs/include -I$(top_srcdir)/libapol/include -I$(top_srcdir)/libqpol/include \ 23 | -I$(top_srcdir)/libqpol/swig -I$(top_srcdir)/libapol/swig $< 24 | 25 | $(wrappedso_DATA): $(BUILT_SOURCES) 26 | $(CXX) -shared -o $@ $^ $(AM_CXXFLAGS) $(CXXFLAGS) $(SWIG_PYTHON_CPPFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 27 | $(LN_S) -f $@ $(wrappedso_SONAME) 28 | $(LN_S) -f $@ _sefs.so 29 | 30 | $(wrappedpy_DATA): $(BUILT_SOURCES) 31 | 32 | install-data-hook: 33 | cd $(DESTDIR)$(wrappedsodir) && $(LN_S) -f $(wrappedso_DATA) $(wrappedso_SONAME) 34 | cd $(DESTDIR)$(wrappedsodir) && $(LN_S) -f $(wrappedso_DATA) _sefs.so 35 | 36 | uninstall-local: 37 | -rm -rf $(DESTDIR)$(wrappedsodir)/$(wrappedso_SONAME) 
$(DESTDIR)$(wrappedsodir)/_sefs.so 38 | 39 | MOSTLYCLEANFILES = $(BUILT_SOURCES) $(wrappedso_DATA) $(wrappedpy_DATA) $(wrappedso_SONAME) _sefs.so sefs.pyc 40 | -------------------------------------------------------------------------------- /libsefs/swig/tcl/Makefile.am: -------------------------------------------------------------------------------- 1 | wrappedso_DATA = libtsefs.so.@libsefs_version@ 2 | wrappedso_SONAME = @libsefs_tswig_soname@ 3 | short_name = libtsefs.so 4 | wrappedsodir = $(libdir)/setools/sefs 5 | 6 | package_SCRIPTS = pkgIndex.tcl 7 | packagedir = $(wrappedsodir) 8 | 9 | dist_noinst_DATA = $(srcdir)/../sefs.i 10 | BUILT_SOURCES = sefs_wrap.cc 11 | 12 | AM_CXXFLAGS = @DEBUGCXXFLAGS@ @WARNCXXFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 13 | @QPOL_CFLAGS@ @APOL_CFLAGS@ -I$(top_builddir) -fpic \ 14 | -I$(top_srcdir)/libsefs/include 15 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ @TCL_LIB_SPEC@ \ 16 | @SEFS_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ 17 | DEPENDENCIES = $(top_builddir)/libqpol/src/libqpol.so \ 18 | $(top_builddir)/libapol/src/libapol.so \ 19 | $(top_builddir)/libsefs/src/libsefs.so 20 | 21 | $(BUILT_SOURCES): $(dist_noinst_DATA) $(DEPENDENCIES) 22 | $(SWIG) -c++ $(SWIG_TCL_OPT) -pkgversion @libsefs_version@ -o $@ -I$(top_srcdir)/libsefs/include -I$(top_srcdir)/libapol/include -I$(top_srcdir)/libapol/swig -I$(top_srcdir)/libqpol/swig $< 23 | 24 | $(wrappedso_DATA): $(BUILT_SOURCES) 25 | $(CXX) -shared -o $@ $^ $(AM_CXXFLAGS) $(CXXFLAGS) $(SWIG_TCL_CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 26 | $(LN_S) -f $@ $(wrappedso_SONAME) 27 | $(LN_S) -f $@ $(short_name) 28 | 29 | $(package_SCRIPTS): $(wrappedso_DATA) 30 | echo "pkg_mkIndex . 
$^" | LD_LIBRARY_PATH=$(top_builddir)/libqpol/src:$(top_builddir)/libapol/src:$(top_builddir)/libsefs/src $(TCLSH_PROG) 31 | chmod 644 $@ 32 | $(mkdir_p) sefs 33 | cp $(wrappedso_DATA) $@ sefs 34 | 35 | MOSTLYCLEANFILES = $(BUILT_SOURCES) $(wrappedso_DATA) $(wrappedso_SONAME) $(short_name) $(package_DATA) sefs/$(wrappedso_DATA) sefs/$(package_SCRIPTS) 36 | 37 | CLEANFILES = $(package_SCRIPTS) 38 | -------------------------------------------------------------------------------- /libsefs/tests/Makefile.am: -------------------------------------------------------------------------------- 1 | TESTS = libsefs-tests 2 | check_PROGRAMS = libsefs-tests 3 | 4 | libsefs_tests_SOURCES = \ 5 | fcfile-tests.cc fcfile-tests.hh \ 6 | libsefs-tests.cc 7 | 8 | EXTRA_DIST = file_contexts.confed file_contexts.union file_contexts.broken 9 | 10 | AM_CXXFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 11 | @QPOL_CFLAGS@ @APOL_CFLAGS@ @SEFS_CFLAGS@ -DSRCDIR="\"$(srcdir)\"" 12 | 13 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ 14 | 15 | LDADD = @SELINUX_LIB_FLAG@ @SEFS_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ @CUNIT_LIB_FLAG@ 16 | 17 | libsefs_tests_DEPENDENCIES = ../src/libsefs.so -------------------------------------------------------------------------------- /libsefs/tests/attic/launch-libsefs-tests.sh: -------------------------------------------------------------------------------- 1 | # Mount the virtual filesystems, execute the real test, then 2 | # unmount those filesystems. 3 | 4 | mkdir -p non-mls 5 | mkdir -p mls 6 | ./fuse_non_mls non-mls 7 | ./libsefs-tests 8 | result=$? 9 | fusermount -u non-mls 10 | rmdir non-mls 11 | rmdir mls 12 | exit ${result} 13 | -------------------------------------------------------------------------------- /libsefs/tests/fcfile-tests.hh: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * Declarations for libsefs file_contexts file (fcfile) tests. 
5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef FCFILE_TESTS_H 27 | #define FCFILE_TESTS_H 28 | 29 | #include 30 | 31 | extern CU_TestInfo fcfile_tests[]; 32 | extern int fcfile_init(); 33 | extern int fcfile_cleanup(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /libsefs/tests/file_contexts.broken: -------------------------------------------------------------------------------- 1 | # An intentionally broken file_contexts file. 2 | 3 | /antietam/burnside -? burnside_u:union_r:general_t 4 | -------------------------------------------------------------------------------- /libsefs/tests/file_contexts.confed: -------------------------------------------------------------------------------- 1 | # Confederate placement as of morning of September 17, 1861. 2 | 3 | / -d maryland_u:location_r:state_t 4 | /sharpsburg -d sharpsburg_u:location_r:city_t 5 | /sharpsburg/lee -l lee_u:confed_r:general_t 6 | /sharpsburg/nicodemus -d sharpsburg_u:location_r:terrain_t 7 | /sharpsburg/nicodemus/jackson(/.*)? 
-- jackson_u:confed_r:infantry_t 8 | /sharpsburg/nicodemus/stuart -- stuart_u:confed_r:artillery_t 9 | /sharpsburg/west_woods -d sharpsburg_u:location_r:terrain_t 10 | /sharpsburg/west_woods/jackson(/.*)? -c jackson_u:confed_r:infantry_t 11 | /sharpsburg/west_woods/jones -c jones_u:confed_r:infantry_t 12 | /sharpsburg/west_woods/lee -c lee_u:confed_r:artillery_t 13 | /sharpsburg/dunker <> 14 | /sharpsburg/hill -p hill_u:confed_r:infantry_t 15 | /antietam -d sharpsburg_u:location_r:terrain_t 16 | /antietam/cemetary_hill -d sharpsburg_u:location_r:terrain_t 17 | /antietam/cemetary_hill/artillery_ridge -d sharpsburg_u:location_r:terrain_t 18 | /antietam/cemetary_hill/artillery_ridge/anderson(/.*)? -s anderson_u:confed_r:infantry_t 19 | /antietam/cemetary_hill/artillery_ridge/jones(/.*)? -s jones_u:confed_r:infantry_t 20 | /antietam/cemetary_hill/artillery_ridge/walker(/.*)? -s walker_u:confed_r:infantry_t 21 | /antietam/cemetary_hill/artillery_ridge/toombs(/.*)? -s toombs_u:confed_r:artillery_t 22 | 23 | /harpers_ferry virginia_u:location_r:city_t 24 | /harpers_ferry/.* hill_u:confed_r:infantry_t 25 | -------------------------------------------------------------------------------- /libsefs/tests/file_contexts.union: -------------------------------------------------------------------------------- 1 | # Union forces as of morning of September 17, 1861. 2 | 3 | /antietam/mcclellan -l mcclellan_u:union_r:general_t 4 | /antietam/boonsboro -- maryland_u:location_r:city_t 5 | /sharpsburg/north_woods -d sharpsburg_u:location_r:terrain_t 6 | /sharpsburg/north_woods/doubleday -b doubleday_u:union_r:infantry_t 7 | /sharpsburg/north_woods/meade.* -b meade_u:union_r:artillery_t 8 | /sharpsburg/north_woods/ricketts -b ricketts_u:union_r:cavalry_t 9 | /sharpsburg/east_woods(/.*)? 
sharpsburg_u:location_r:terrain_t 10 | /sharpsburg/east_woods/hooker -p hooker_u:union_r:infantry_t 11 | /sharpsburg/east_woods/mansfield -p mansfield_u:union_r:artillery_t 12 | /sharpsburg/east_woods/sedgwick -p sedgwick_u:union_r:infantry_t 13 | /sharpsburg/corn_field -- <> 14 | /antietam/middle_bridge -b <> 15 | /antietam/lower_bridge -b <> 16 | /antietam/snavely -p <> 17 | -------------------------------------------------------------------------------- /libsefs/tests/libsefs-tests.cc: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * 4 | * CUnit testing framework for libsefs. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This library is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU Lesser General Public 13 | * License as published by the Free Software Foundation; either 14 | * version 2.1 of the License, or (at your option) any later version. 15 | * 16 | * This library is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 | * Lesser General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU Lesser General Public 22 | * License along with this library; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #include 27 | 28 | #include 29 | #include 30 | 31 | #include "fcfile-tests.hh" 32 | /* Test-runner entry point: registers the "fcfile" suite with CUnit, runs it in verbose basic mode, and returns the number of failure records as the exit status. */ 33 | int main(void) 34 | { 35 | if (CU_initialize_registry() != CUE_SUCCESS) 36 | { 37 | return CU_get_error(); 38 | } 39 | 40 | CU_SuiteInfo suites[] = { 41 | {"fcfile", fcfile_init, fcfile_cleanup, fcfile_tests} 42 | , 43 | CU_SUITE_INFO_NULL 44 | }; 45 | /* NOTE(review): the result of CU_register_suites() is discarded; if registration fails, the run may record 0 failures and exit 0 -- confirm and consider checking it. */ 46 | CU_register_suites(suites); 47 | CU_basic_set_mode(CU_BRM_VERBOSE); 48 | CU_basic_run_tests(); 49 | unsigned int num_failures = CU_get_number_of_failure_records(); 50 | CU_cleanup_registry(); /* NOTE(review): the failure count becomes the process exit status; where statuses are truncated to 8 bits, a multiple of 256 failures would read as success. */ 51 | return (int)num_failures; 52 | } 53 | -------------------------------------------------------------------------------- /m4/ac_java_options.m4: -------------------------------------------------------------------------------- 1 | ##### http://autoconf-archive.cryp.to/ac_java_options.html 2 | # 3 | # SYNOPSIS 4 | # 5 | # AC_JAVA_OPTIONS 6 | # 7 | # DESCRIPTION 8 | # 9 | # AC_JAVA_OPTIONS adds configure command line options used for Java 10 | # m4 macros. This Macro is optional. 11 | # 12 | # Note: This is part of the set of autoconf M4 macros for Java 13 | # programs. It is VERY IMPORTANT that you download the whole set, 14 | # some macros depend on other. Unfortunately, the autoconf archive 15 | # does not support the concept of set of macros, so I had to break it 16 | # for submission. The general documentation, as well as the sample 17 | # configure.in, is included in the AC_PROG_JAVA macro. 
18 | # 19 | # LAST MODIFICATION 20 | # 21 | # 2000-07-19 22 | # 23 | # COPYLEFT 24 | # 25 | # Copyright (c) 2000 Devin Weaver 26 | # 27 | # Copying and distribution of this file, with or without 28 | # modification, are permitted in any medium without royalty provided 29 | # the copyright notice and this notice are preserved. 30 | 31 | AC_DEFUN([AC_JAVA_OPTIONS],[ 32 | AC_ARG_WITH(java-prefix, 33 | [ --with-java-prefix=PFX prefix where Java runtime is installed (optional)]) 34 | AC_ARG_WITH(javac-flags, 35 | [ --with-javac-flags=FLAGS flags to pass to the Java compiler (optional)]) 36 | AC_ARG_WITH(java-flags, 37 | [ --with-java-flags=FLAGS flags to pass to the Java VM (optional)]) 38 | JAVAPREFIX=$with_java_prefix 39 | JAVACFLAGS=$with_javac_flags 40 | JAVAFLAGS=$with_java_flags 41 | AC_SUBST(JAVAPREFIX)dnl 42 | AC_SUBST(JAVACFLAGS)dnl 43 | AC_SUBST(JAVAFLAGS)dnl 44 | AC_SUBST(JAVA)dnl 45 | AC_SUBST(JAVAC)dnl 46 | ]) 47 | -------------------------------------------------------------------------------- /m4/ac_prog_jar.m4: -------------------------------------------------------------------------------- 1 | ##### http://autoconf-archive.cryp.to/ac_prog_jar.html 2 | # 3 | # SYNOPSIS 4 | # 5 | # AC_PROG_JAR 6 | # 7 | # DESCRIPTION 8 | # 9 | # AC_PROG_JAR tests for an existing jar program. It uses the 10 | # environment variable JAR then tests in sequence various common jar 11 | # programs. 12 | # 13 | # If you want to force a specific compiler: 14 | # 15 | # - at the configure.in level, set JAR=yourcompiler before calling 16 | # AC_PROG_JAR 17 | # 18 | # - at the configure level, setenv JAR 19 | # 20 | # You can use the JAR variable in your Makefile.in, with @JAR@. 21 | # 22 | # Note: This macro depends on the autoconf M4 macros for Java 23 | # programs. It is VERY IMPORTANT that you download that whole set, 24 | # some macros depend on other. 
Unfortunately, the autoconf archive 25 | # does not support the concept of set of macros, so I had to break it 26 | # for submission. 27 | # 28 | # The general documentation of those macros, as well as the sample 29 | # configure.in, is included in the AC_PROG_JAVA macro. 30 | # 31 | # LAST MODIFICATION 32 | # 33 | # 2000-07-19 34 | # 35 | # COPYLEFT 36 | # 37 | # Copyright (c) 2000 Egon Willighagen 38 | # 39 | # Copying and distribution of this file, with or without 40 | # modification, are permitted in any medium without royalty provided 41 | # the copyright notice and this notice are preserved. 42 | 43 | AC_DEFUN([AC_PROG_JAR],[ 44 | AC_REQUIRE([AC_EXEEXT])dnl 45 | if test "x$JAVAPREFIX" = x; then 46 | test "x$JAR" = x && AC_CHECK_PROGS(JAR, jar$EXEEXT) 47 | else 48 | test "x$JAR" = x && AC_CHECK_PROGS(JAR, jar, $JAVAPREFIX) 49 | fi 50 | test "x$JAR" = x && AC_MSG_ERROR([no acceptable jar program found in \$PATH]) 51 | AC_PROVIDE([$0])dnl 52 | ]) 53 | -------------------------------------------------------------------------------- /man/Makefile.am: -------------------------------------------------------------------------------- 1 | if BUILD_GUI 2 | MAYBEMANS = apol.1 \ 3 | seaudit.8 seaudit-report.8 \ 4 | sediffx.1 5 | endif 6 | 7 | EXTRA_DIST=$(man_MANS) apol.1 \ 8 | seaudit.8 seaudit-report.8.in \ 9 | sediffx.1 10 | 11 | man_MANS = findcon.1 indexcon.1 replcon.1 \ 12 | sechecker.1 \ 13 | sediff.1 \ 14 | seinfo.1 sesearch.1 $(MAYBEMANS) 15 | 16 | seaudit-report.8: seaudit-report.8.in Makefile 17 | sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@ 18 | 19 | CLEANFILES = seaudit-report.8 20 | -------------------------------------------------------------------------------- /man/apol.1: -------------------------------------------------------------------------------- 1 | .TH apol 1 2 | .SH NAME 3 | apol \- SELinux policy analysis tool 4 | .SH SYNOPSIS 5 | .B apol 6 | [OPTIONS] [POLICY ...] 
7 | .SH DESCRIPTION 8 | .PP 9 | .B apol 10 | is a graphical tool that allows the user to inspect aspects of a SELinux policy. 11 | The tool allows the user to browse policy components (types, classes, roles, users, etc.), rules (TE, RBAC, MLS), and file system contexts. 12 | The tool also provides in depth analyses of domain transitions, information flows, and relabeling permissions. 13 | .SH POLICY 14 | .PP 15 | .B 16 | apol 17 | supports loading a SELinux policy in one of four formats. 18 | .IP "source" 19 | A single text file containing policy source for versions 12 through 21. This file is usually named policy.conf. 20 | .IP "binary" 21 | A single file containing a monolithic kernel binary policy for versions 15 through 21. This file is usually named by version - for example, policy.20. 22 | .IP "modular" 23 | A list of policy packages each containing a loadable policy module. The first module listed must be a base module. 24 | .IP "policy list" 25 | A single text file containing all the information needed to load a policy, usually exported by SETools graphical utilities. 26 | .PP 27 | If a policy is not given on the command line then 28 | .B 29 | apol 30 | will begin with none loaded. 31 | .SH OPTIONS 32 | .IP "-h, --help" 33 | Print help information and exit. 34 | .IP "-V, --version" 35 | Print version information and exit. 36 | .SH AUTHOR 37 | This manual page was written by Jeremy A. Mowery . 38 | .SH COPYRIGHT 39 | Copyright(C) 2001-2007 Tresys Technology, LLC 40 | .SH BUGS 41 | Please report bugs via an email to setools-bugs@tresys.com. 
42 | .SH SEE ALSO 43 | seinfo(1), sesearch(1), sechecker(1), indexcon(1) 44 | -------------------------------------------------------------------------------- /man/indexcon.1: -------------------------------------------------------------------------------- 1 | .TH indexcon 1 2 | .SH NAME 3 | indexcon \- SELinux file context indexing tool 4 | .SH SYNOPSIS 5 | .B indexcon 6 | FILE [OPTIONS] 7 | .SH DESCRIPTION 8 | .PP 9 | .B indexcon 10 | allows the user to index the file contexts on a SELinux system, 11 | beginning with the root directory ( 12 | .B 13 | / 14 | ) and recursing into subdirectories. 15 | The index will be written to FILE. 16 | The index can be searched using apol or findcon. 17 | .SH OPTIONS 18 | .IP "-d DIR, --directory=DIR" 19 | Start scanning at directory DIR, and recurse through its subdirectories. 20 | .IP "-h, --help" 21 | Print help information and exit. 22 | .IP "-V, --version" 23 | Print version information and exit. 24 | .SH NOTE 25 | The indexcon utility always operates on "raw" SELinux file contexts. 26 | If the system has an installed translation library (i.e., libsetrans), 27 | those translations are ignored in favor of reading the original 28 | contexts from the filesystem. 29 | .SH AUTHOR 30 | This manual page was written by Jeremy A. Mowery . 31 | .SH COPYRIGHT 32 | Copyright(C) 2003-2007 Tresys Technology, LLC 33 | .SH BUGS 34 | Please report bugs via an email to setools-bugs@tresys.com. 35 | .SH SEE ALSO 36 | apol(1), findcon(1) 37 | -------------------------------------------------------------------------------- /man/seaudit-report.8.in: -------------------------------------------------------------------------------- 1 | .TH seaudit-report 8 2 | .SH NAME 3 | seaudit-report \- SELinux audit log reporting tool 4 | .SH SYNOPSIS 5 | .B seaudit-report 6 | [OPTIONS] LOGFILE ... 
7 | .SH DESCRIPTION 8 | .PP 9 | .B seaudit-report 10 | allows the user to generate custom audit log reports from the command line or by integration with the Logwatch tool. 11 | .SH OPTIONS 12 | .IP "-s, --stdin" 13 | Read log data from standard input instead of from a file. 14 | File(s) specified on the command line will be ignored. 15 | .IP "-m, --malformed" 16 | Include malformed log messages in generated report. 17 | .IP "-o FILE, --output=FILE" 18 | Write output to FILE instead of standard output. 19 | .IP "-c FILE, --config=FILE" 20 | Read configuration options from FILE instead of the default config file. 21 | .IP "--html" 22 | Set output format to HTML instead of plain text. 23 | .IP "--stylesheet=FILE" 24 | Specify the HTML stylesheet to use for formatting the HTML report. 25 | This option is ignored if --html is not given. 26 | See the default stylesheet for an example (installed at @setoolsdir@/seaudit-report.css). 27 | .IP "-V, --version" 28 | Print version information and exit. 29 | .IP "-h, --help" 30 | Print help information and exit. 31 | .SH AUTHOR 32 | This manual page was written by Jeremy A. Mowery . 33 | .SH COPYRIGHT 34 | Copyright(C) 2004-2007 Tresys Technology, LLC 35 | .SH BUGS 36 | Please report bugs via an email to setools-bugs@tresys.com. 37 | .SH SEE ALSO 38 | seaudit(8) 39 | -------------------------------------------------------------------------------- /man/seaudit.8: -------------------------------------------------------------------------------- 1 | .TH seaudit 8 2 | .SH NAME 3 | seaudit \- SELinux graphical audit log analysis tool 4 | .SH SYNOPSIS 5 | .B seaudit 6 | [OPTIONS] [POLICY ...] 7 | .SH DESCRIPTION 8 | .PP 9 | .B seaudit 10 | allows the user to view and filter the contents of a log file. 11 | .B seaudit 12 | supports the syslog and auditd log formats and provides queries to inspect the SELinux policy based on log messages. 
13 | .SH POLICY 14 | .PP 15 | .B 16 | seaudit 17 | supports loading a SELinux policy in one of four formats. 18 | .IP "source" 19 | A single text file containing policy source for versions 12 through 21. This file is usually named policy.conf. 20 | .IP "binary" 21 | A single file containing a monolithic kernel binary policy for versions 15 through 21. This file is usually named by version - for example, policy.20. 22 | .IP "modular" 23 | A list of policy packages each containing a loadable policy module. The first module listed must be a base module. 24 | .IP "policy list" 25 | A single text file containing all the information needed to load a policy, usually exported by SETools graphical utilities. 26 | .PP 27 | If no policy file is provided, 28 | .B 29 | seaudit 30 | will search for the system default policy: checking first for a source policy, next for a binary policy matching the running kernel's preferred version, and finally for the highest version that can be found. 31 | If no policy can be found, 32 | .B 33 | seaudit 34 | will begin with no policy loaded. 35 | .SH OPTIONS 36 | .IP "-l FILE, --log=FILE" 37 | Upon startup, open the log FILE instead of the system log file. 38 | .IP "-h, --help" 39 | Print help information and exit. 40 | .IP "-V, --version" 41 | Print version information and exit. 42 | .SH AUTHOR 43 | This manual page was written by Jeremy A. Mowery . 44 | .SH COPYRIGHT 45 | Copyright(C) 2006-2007 Tresys Technology, LLC 46 | .SH BUGS 47 | Please report bugs via an email to setools-bugs@tresys.com. 
48 | .SH SEE ALSO 49 | seaudit-report(8) 50 | -------------------------------------------------------------------------------- /packages/BWidget-1.8.0.tar.bz2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OwlCyberDefense/setools3/f1e5b208d507171968ca4d2eeefd7980f1004a3c/packages/BWidget-1.8.0.tar.bz2 -------------------------------------------------------------------------------- /packages/Makefile.am: -------------------------------------------------------------------------------- 1 | bwidget_destdir = @BWIDGET_DESTDIR@ 2 | dist_noinst_DATA = BWidget-1.8.0.tar.bz2 combobox.tcl mainframe.tcl notebook.tcl \ 3 | Doxyfile 4 | 5 | SUBDIRS = rpm 6 | 7 | if COPY_BWIDGET 8 | copy_bwidget = yes 9 | else 10 | copy_bwidget = no 11 | endif 12 | 13 | pkgconfig_DATA = libqpol.pc libapol.pc libpoldiff.pc libseaudit.pc libsefs.pc 14 | pkgconfigdir = @libdir@/pkgconfig 15 | 16 | BUILT_SOURCES = $(pkgconfig_DATA) 17 | 18 | $(pkgconfig_DATA): $(top_builddir)/config.status 19 | 20 | install-data-local: 21 | if test $(copy_bwidget) = "yes"; then \ 22 | tar jxf BWidget-1.8.0.tar.bz2; \ 23 | test -z "$(bwidget_destdir)" || $(mkdir_p) "$(bwidget_destdir)" ; \ 24 | cd BWidget-1.8.0 ; \ 25 | find . -type d -exec $(mkdir_p) "$(bwidget_destdir)/{}" \; ; \ 26 | find . 
-type f -exec $(INSTALL_DATA) '{}' $(bwidget_destdir)/'{}' \; ; \ 27 | fi 28 | 29 | %.pc: %.pc.in Makefile 30 | cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) 31 | 32 | uninstall-local: 33 | if test $(copy_bwidget) = "yes"; then \ 34 | rm -rf $(bwidget_destdir) ; \ 35 | fi 36 | 37 | clean-local: 38 | -rm -rf BWidget-1.8.0 39 | -------------------------------------------------------------------------------- /packages/libapol.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libapol 7 | Description: SETools policy analysis library 8 | Version: @libapol_version@ 9 | Requires: libqpol >= 1.3 10 | Conflicts: 11 | Libs: -L${libdir} -lapol 12 | Cflags: -I${includedir}/apol 13 | -------------------------------------------------------------------------------- /packages/libpoldiff.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libpoldiff 7 | Description: SETools policy difference library 8 | Version: @libpoldiff_version@ 9 | Requires: libqpol >= 1.3, libapol >= 4.0 10 | Conflicts: 11 | Libs: -L${libdir} -lpoldiff 12 | Cflags: -I${includedir}/poldiff 13 | -------------------------------------------------------------------------------- /packages/libqpol.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libqpol 7 | Description: SETools policy internals library 8 | Version: @libqpol_version@ 9 | Requires: 10 | Conflicts: 11 | Libs: -L${libdir} -lqpol 12 | Cflags: -I${includedir}/qpol 13 | -------------------------------------------------------------------------------- /packages/libseaudit.pc.in: 
-------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libseaudit 7 | Description: SETools audit messages library 8 | Version: @libseaudit_version@ 9 | Requires: libapol >= 4.0 10 | Conflicts: 11 | Libs: -L${libdir} -lseaudit 12 | Cflags: -I${includedir}/seaudit 13 | -------------------------------------------------------------------------------- /packages/libsefs.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libsefs 7 | Description: SETools file contexts library 8 | Version: @libsefs_version@ 9 | Requires: libapol >= 4.1, sqlite3 >= 3.2 10 | Conflicts: 11 | Libs: -L${libdir} -lsefs 12 | Cflags: -I${includedir}/sefs 13 | -------------------------------------------------------------------------------- /packages/notebook.tcl: -------------------------------------------------------------------------------- 1 | # this fragment taken from BWidget 1.8 release 2 | proc NoteBook::bindtabs { path event script } { 3 | if { $script != "" } { 4 | append script " \[NoteBook::_get_page_name [list $path] current 1\]" 5 | $path.c bind "page" $event $script 6 | } else { 7 | $path.c bind "page" $event {} 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /packages/rpm/Makefile.am: -------------------------------------------------------------------------------- 1 | dist_noinst_DATA = setools.spec \ 2 | apol.desktop.in seaudit.desktop.in \ 3 | sediffx.desktop.in seaudit.pam seaudit.console.in 4 | 5 | BUILT_SOURCES = apol.desktop seaudit.desktop sediffx.desktop seaudit.console 6 | 7 | %: %.in Makefile 8 | sed -e "s|\@bindir\@|$(bindir)|" -e "s|\@sbindir\@|$(sbindir)|" $< > $@ 9 | 10 | clean-local: 11 | -rm -f $(BUILT_SOURCES) 12 | 
-------------------------------------------------------------------------------- /packages/rpm/apol.desktop.in: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Name=SELinux Policy Analysis 3 | GenericName=SELinux Policy Analysis Tool 4 | Comment=This tool can examine, search, and relate policy components and policy rules 5 | Icon=apol.png 6 | Exec=@bindir@/apol 7 | Type=Application 8 | Terminal=false 9 | Encoding=UTF-8 10 | Categories=System; 11 | X-Desktop-File-Install-Version=0.2 12 | StartupNotify=true 13 | -------------------------------------------------------------------------------- /packages/rpm/fc9-compile.patch: -------------------------------------------------------------------------------- 1 | Index: libseaudit/swig/python/Makefile.am 2 | =================================================================== 3 | --- libseaudit/swig/python/Makefile.am (revision 4788) 4 | +++ libseaudit/swig/python/Makefile.am (working copy) 5 | 
@@ -23,7 +23,7 @@ 6 | -I$(top_srcdir)/libqpol/swig -I$(top_srcdir)/libapol/swig $< 7 | 8 | $(wrappedso_DATA): $(BUILT_SOURCES) 9 | - $(CC) -shared -o $@ $^ $(AM_CFLAGS) $(CFLAGS) $(SWIG_PYTHON_CPPFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 10 | + $(CC) -std=gnu89 -shared -o $@ $^ $(AM_CFLAGS) $(CFLAGS) $(SWIG_PYTHON_CPPFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(wrappedso_SONAME) 11 | $(LN_S) -f $@ $(wrappedso_SONAME) 12 | $(LN_S) -f $@ _seaudit.so 13 | 14 | -------------------------------------------------------------------------------- /packages/rpm/seaudit.console.in: -------------------------------------------------------------------------------- 1 | USER=root 2 | PROGRAM=@sbindir@/seaudit 3 | SESSION=true 4 | -------------------------------------------------------------------------------- /packages/rpm/seaudit.desktop.in: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Name=SELinux Audit Log Analysis 3 | GenericName=SELinux Audit Log Analysis Tool 4 | Comment=This tool parses syslog files and extracts all policy, AVC, and change of boolean messages 5 | Icon=seaudit.png 6 | Exec=@bindir@/seaudit 7 | Type=Application 8 | Terminal=false 9 | Encoding=UTF-8 10 | Categories=System; 11 | X-Desktop-File-Install-Version=0.2 12 | StartupNotify=true 13 | -------------------------------------------------------------------------------- /packages/rpm/seaudit.pam: -------------------------------------------------------------------------------- 1 | #%PAM-1.0 2 | auth include config-util 3 | account include config-util 4 | session include config-util 5 | -------------------------------------------------------------------------------- /packages/rpm/sediffx.desktop.in: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Name=SELinux Policy Difference 3 | GenericName=SELinux Policy Difference tool 4 | Comment=This tool compares two policy files 5 | 
Exec=@bindir@/sediffx 6 | Type=Application 7 | Terminal=false 8 | Encoding=UTF-8 9 | Categories=System; 10 | X-Desktop-File-Install-Version=0.2 11 | StartupNotify=true 12 | Icon=sediffx.png 13 | -------------------------------------------------------------------------------- /python/Makefile.am: -------------------------------------------------------------------------------- 1 | if DO_SWIGIFY_PYTHON 2 | MAYBE_PYSWIG = setools 3 | endif 4 | 5 | 6 | SUBDIRS = $(MAYBE_PYSWIG) 7 | -------------------------------------------------------------------------------- /python/setools/Makefile.am: -------------------------------------------------------------------------------- 1 | EXTRA_DIST = \ 2 | sesearch.c \ 3 | seinfo.c \ 4 | __init__.py \ 5 | setup.py \ 6 | $(NULL) 7 | 8 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 9 | @QPOL_CFLAGS@ @APOL_CFLAGS@ 10 | AM_CXXFLAGS = @DEBUGCXXFLAGS@ @WARNCXXFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 11 | @QPOL_CFLAGS@ @APOL_CFLAGS@ @SEFS_CFLAGS@ 12 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ 13 | 14 | LDADD = @SELINUX_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ 15 | DEPENDENCIES = $(top_builddir)/libapol/src/libapol.so $(top_builddir)/libqpol/src/libqpol.so 16 | all-am: python-build 17 | 18 | seinfo_SOURCES = seinfo.c 19 | 20 | sesearch_SOURCES = sesearch.c 21 | 22 | python-build: sesearch.c seinfo.c 23 | @mkdir -p setools 24 | @cp __init__.py setools 25 | LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build 26 | 27 | install-exec-hook: 28 | $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` 29 | 30 | uninstall-hook: 31 | $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` 32 | 33 | clean-local: 34 | $(PYTHON) setup.py clean -a 35 | rm -f *~ 36 | 37 | -------------------------------------------------------------------------------- /python/setools/__init__.py: 
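#!/usr/bin/env python
"""Thin Python wrapper around the _sesearch and _seinfo extension modules.

Exposes the rule-type and query-key constants together with sesearch()
and seinfo(), which forward to the C extensions.
"""

# Author: Thomas Liu

import _sesearch
import _seinfo
import types  # not referenced below; sesearch()'s `types` parameter shadows it

# Object kinds accepted by seinfo(); the values come from the extension.
TYPE = _seinfo.TYPE
ROLE = _seinfo.ROLE
ATTRIBUTE = _seinfo.ATTRIBUTE
PORT = _seinfo.PORT
USER = _seinfo.USER

# Rule kinds accepted by sesearch().
ALLOW = 'allow'
AUDITALLOW = 'auditallow'
NEVERALLOW = 'neverallow'
DONTAUDIT = 'dontaudit'

# Keys used in the query dictionary and in the result entries.
SCONTEXT = 'scontext'
TCONTEXT = 'tcontext'
PERMS = 'permlist'
CLASS = 'class'


def sesearch(types, info):
    """Run a rule search through the _sesearch extension.

    types -- iterable of rule kinds; each must be one of ALLOW,
             AUDITALLOW, NEVERALLOW or DONTAUDIT.
    info  -- dictionary of query keys.  If it holds PERMS, that value is
             joined with commas before the query is passed on.

    Returns what _sesearch.sesearch() returns.  When permissions were
    requested and the result is non-empty, it is narrowed to a list of the
    entries whose PERMS value contains every requested permission.

    Raises ValueError for a rule kind outside the four listed above.

    Only `types` is validated here; the keys and values of `info` reach
    the extension as given.
    """
    valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT]

    # Build the query on a shallow copy.  Writing into the caller's
    # dictionary would leave PERMS replaced by the joined string, so a
    # second call with the same dictionary would join that string character
    # by character and search for the wrong permissions.
    query = dict(info)
    for rule_type in types:
        if rule_type not in valid_types:
            raise ValueError("Type has to be in %s" % valid_types)
        query[rule_type] = True

    perms = []
    if PERMS in query:
        perms = list(query[PERMS])
        query[PERMS] = ",".join(perms)

    dict_list = _sesearch.sesearch(query)
    if dict_list and perms:
        # A list comprehension keeps the result a list on every Python
        # version; filter() returns a lazy iterator on Python 3.
        dict_list = [rule for rule in dict_list if dict_has_perms(rule, perms)]
    return dict_list


def dict_has_perms(dict, perms):
    """Return True when every entry of perms is contained in dict[PERMS]."""
    for perm in perms:
        if perm not in dict[PERMS]:
            return False
    return True


def seinfo(setype, name=None):
    """Forward to _seinfo.seinfo(setype, name) and return its result."""
    return _seinfo.seinfo(setype, name)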
extension_sesearch.include_dirs=INCLUDES 18 | extension_sesearch.libraries=LIBS 19 | extension_sesearch.library_dirs=LIBDIRS 20 | extension_seinfo = Extension("setools._seinfo", [ "seinfo.c"]) 21 | extension_seinfo.include_dirs=INCLUDES 22 | extension_seinfo.libraries=LIBS 23 | extension_seinfo.library_dirs=LIBDIRS 24 | 25 | setup(name = "setools", version="1.0", description="Python setools bindings", author="Thomas Liu", author_email="tliu@redhat.com", ext_modules=[extension_sesearch, extension_seinfo], packages=["setools"]) 26 | -------------------------------------------------------------------------------- /seaudit/dot_seaudit.in: -------------------------------------------------------------------------------- 1 | # Configuration file for seaudit - an audit log tool for Security 2 | # Enhanced Linux. This file is auto-generated by the build system. 3 | 4 | DEFAULT_LOG_FILE /var/log/audit/audit.log 5 | DEFAULT_POLICY_FILE 6 | DEFAULT_REPORT_CONFIG_FILE @setoolsdir@/seaudit-report.conf 7 | DEFAULT_REPORT_CSS_FILE @setoolsdir@/seaudit-report.css 8 | RECENT_LOG_FILES 9 | RECENT_POLICY_FILES 10 | LOG_COLUMNS_HIDDEN path_field:src_usr_field:src_role_field:tgt_usr_field:tgt_role_field:inode_field:pid_field: 11 | REAL_TIME_LOG_MONITORING 0 12 | REAL_TIME_UPDATE_INTERVAL 1000 13 | -------------------------------------------------------------------------------- /seaudit/filter_view.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Dialog that allows the user to modify a particular filter. 4 | * 5 | * @author Jeremy A. Mowery jmowery@tresys.com 6 | * @author Jason Tang jtang@tresys.com 7 | * 8 | * Copyright (C) 2004-2007 Tresys Technology, LLC 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License as published by 12 | * the Free Software Foundation; either version 2 of the License, or 13 | * (at your option) any later version. 
14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #ifndef FILTER_VIEW_H 26 | #define FILTER_VIEW_H 27 | 28 | #include "toplevel.h" 29 | #include 30 | #include 31 | 32 | /** 33 | * Display and run a dialog that allows the user to modify a single 34 | * filter. 35 | * 36 | * @param top Toplevel containing message view. 37 | * @param filter Filter to modify. 38 | * @param parent Parent window upon which to center this dialog. 39 | */ 40 | void filter_view_run(seaudit_filter_t * filter, toplevel_t * top, GtkWindow * parent); 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /seaudit/modify_view.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Dialog that allows the user to modify the current view. 4 | * 5 | * @author Jeremy A. Mowery jmowery@tresys.com 6 | * @author Jason Tang jtang@tresys.com 7 | * 8 | * Copyright (C) 2004-2007 Tresys Technology, LLC 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License as published by 12 | * the Free Software Foundation; either version 2 of the License, or 13 | * (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 
19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #ifndef MODIFY_VIEW_H 26 | #define MODIFY_VIEW_H 27 | 28 | #include "toplevel.h" 29 | #include "message_view.h" 30 | 31 | /** 32 | * Display and run a dialog that allows the user to modify a view. 33 | * 34 | * @param top Toplevel containing message view. 35 | * @param view Message view to modify. 36 | * 37 | * @return Non-zero if the view changed, zero if not. 38 | */ 39 | int modify_view_run(toplevel_t * top, message_view_t * view); 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /seaudit/open_policy_window.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Dialog that allows the user to select either a monolithic policy 4 | * or a base policy + list of modules. The dialog may also actually 5 | * open the policy or it may be used simply as a file chooser. 6 | * 7 | * @author Jeremy A. Mowery jmowery@tresys.com 8 | * @author Jason Tang jtang@tresys.com 9 | * 10 | * Copyright (C) 2004-2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 
21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef OPEN_POLICY_WINDOW_H 28 | #define OPEN_POLICY_WINDOW_H 29 | 30 | #include "toplevel.h" 31 | #include 32 | 33 | /** 34 | * Display and run a dialog that allows the user to open a policy, either 35 | * a monolithic or a modular policy. 36 | * 37 | * @param top Toplevel for the application. 38 | * @param path If not NULL, the default path for the policy. 39 | * @param selection If non-NULL, then allocate and set this reference 40 | * pointer to the path selected; caller must call 41 | * apol_policy_path_destroy() afterwards. Otherwise if NULL then 42 | * actually load the policy and set the path via toplevel_open_policy(). 43 | */ 44 | void open_policy_window_run(toplevel_t * top, const apol_policy_path_t * path, apol_policy_path_t ** selection); 45 | 46 | #endif 47 | -------------------------------------------------------------------------------- /seaudit/preferences_view.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Declaration of preferences editor. 4 | * 5 | * @author Jeremy A. Mowery jmowery@tresys.com 6 | * @author Jason Tang jtang@tresys.com 7 | * 8 | * Copyright (C) 2003-2007 Tresys Technology, LLC 9 | * 10 | * This program is free software; you can redistribute it and/or modify 11 | * it under the terms of the GNU General Public License as published by 12 | * the Free Software Foundation; either version 2 of the License, or 13 | * (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 
19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 | */ 24 | 25 | #ifndef PREFERENCES_VIEW_H 26 | #define PREFERENCES_VIEW_H 27 | 28 | #include "toplevel.h" 29 | #include 30 | 31 | /** 32 | * Display a dialog from which the user may edit his preferences. 33 | * 34 | * @param top Toplevel object containing preferences to modify 35 | * @param current_log Path to the currently loaded log file, or NULL 36 | * if none loaded. 37 | * @param current_policy Path to the currently loaded policy, or NULL 38 | * if none loaded. 39 | * 40 | * @return Non-zero if preferences changed, zero if not. 41 | */ 42 | int preferences_view_run(toplevel_t * top, const char *current_log, const apol_policy_path_t * current_policy); 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /seaudit/report_window.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Dialog that generates reports from all messages or only those in 4 | * the current view. 5 | * 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2004-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 
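#!/bin/sh
# Logwatch service filter: runs seaudit-report on the log data arriving on
# STDIN and hands the program's exit status back to the caller.
#

# NOTE(review): @bindir@ is filled in at build time. If it expands to the
# directory alone, the command below cannot run; confirm that the
# substitution produces the full path of the seaudit-report binary.
SEAUDITREPORT=@bindir@
OPTS="--stdin --malformed"

echo "Date Range: $LOGWATCH_DATE_RANGE"
echo "Detail Level: $LOGWATCH_DETAIL_LEVEL"
echo "Temp Dir: $LOGWATCH_TEMP_DIR"
echo "Debug Level: $LOGWATCH_DEBUG"

# execute the program with the specified options
# OPTS stays unquoted on purpose so that it splits into separate arguments.
"${SEAUDITREPORT}" ${OPTS}

# Capture the status right away: once the `[` test below has run, $? holds
# the result of the test (0), and a failed report would be passed on as
# success, so the missing audit summary would go unnoticed.
RC=$?

# program failed
if [ "$RC" -ne 0 ]; then
	echo >&2 "Failed while executing seaudit-report.\n"
	exit "$RC"
fi

# All done, exit ok
exit 0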
Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef ATTRIBS_WO_TYPES 27 | #define ATTRIBS_WO_TYPES 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | #include 37 | 38 | int attribs_wo_types_register(sechk_lib_t * lib); 39 | int attribs_wo_types_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 40 | int attribs_wo_types_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 41 | int attribs_wo_types_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 42 | int attribs_wo_types_get_list(sechk_module_t * mod, apol_policy_t * policy, void *arg); 43 | 44 | #ifdef __cplusplus 45 | } 46 | #endif 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /sechecker/modules/domain_and_file.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the domain and file type module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. 
Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef DOMAIN_AND_FILE 27 | #define DOMAIN_AND_FILE 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | 37 | int domain_and_file_register(sechk_lib_t * lib); 38 | int domain_and_file_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 39 | int domain_and_file_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 40 | int domain_and_file_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 41 | 42 | #ifdef __cplusplus 43 | } 44 | #endif 45 | 46 | #endif 47 | -------------------------------------------------------------------------------- /sechecker/modules/domains_wo_roles.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the domains without roles module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. 
Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef DOMAINS_WO_ROLES 27 | #define DOMAINS_WO_ROLES 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | #include 37 | 38 | int domains_wo_roles_register(sechk_lib_t * lib); 39 | int domains_wo_roles_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 40 | int domains_wo_roles_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 41 | int domains_wo_roles_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 42 | 43 | #ifdef __cplusplus 44 | } 45 | #endif 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /sechecker/modules/find_assoc_types.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the association types utility module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. 
Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * @author David Windsor dwindsor@tresys.com 9 | * 10 | * Copyright (C) 2005-2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef FIND_ASSOC_TYPES 28 | #define FIND_ASSOC_TYPES 29 | 30 | #ifdef __cplusplus 31 | extern "C" 32 | { 33 | #endif 34 | 35 | #include "sechecker.h" 36 | #include 37 | 38 | /* Module functions: 39 | * Do not change any of these prototypes or you will not be 40 | * able to run the module in the library */ 41 | int find_assoc_types_register(sechk_lib_t * lib); 42 | int find_assoc_types_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 43 | int find_assoc_types_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 44 | int find_assoc_types_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 45 | int find_assoc_types_get_list(sechk_module_t * mod, apol_policy_t * policy, void *arg); 46 | 47 | #ifdef __cplusplus 48 | } 49 | #endif 50 | 51 | #endif 52 | -------------------------------------------------------------------------------- /sechecker/modules/find_domains.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the 
interface for the find domains utility module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef FIND_DOMAINS 27 | #define FIND_DOMAINS 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | 41 | typedef struct find_domains_data 42 | { 43 | apol_vector_t *domain_attribs; 44 | int num_domain_attribs; 45 | } find_domains_data_t; 46 | 47 | void find_domains_data_free(void *data); 48 | find_domains_data_t *find_domains_data_new(void); 49 | 50 | int find_domains_register(sechk_lib_t * lib); 51 | int find_domains_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 52 | int find_domains_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 53 | int find_domains_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 54 | int find_domains_get_list(sechk_module_t * mod, apol_policy_t * policy, void *arg); 55 | 56 | #ifdef __cplusplus 57 | } 58 | #endif 59 | 60 | #endif 61 | 
-------------------------------------------------------------------------------- /sechecker/modules/find_file_types.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the find file types utility module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * @author Randy Wicks rwicks@tresys.com 9 | * 10 | * Copyright (C) 2005-2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 
21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef FIND_FILE_TYPES 28 | #define FIND_FILE_TYPES 29 | 30 | #ifdef __cplusplus 31 | extern "C" 32 | { 33 | #endif 34 | 35 | #include "sechecker.h" 36 | #include 37 | #include 38 | #include 39 | #include 40 | 41 | typedef struct find_file_types_data 42 | { 43 | apol_vector_t *file_type_attribs; 44 | int num_file_type_attribs; 45 | } find_file_types_data_t; 46 | 47 | void find_file_types_data_free(void *data); 48 | find_file_types_data_t *find_file_types_data_new(void); 49 | 50 | int find_file_types_register(sechk_lib_t * lib); 51 | int find_file_types_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 52 | int find_file_types_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 53 | int find_file_types_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 54 | int find_file_types_get_list(sechk_module_t * mod, apol_policy_t * policy, void *arg); 55 | 56 | #ifdef __cplusplus 57 | } 58 | #endif 59 | 60 | #endif 61 | -------------------------------------------------------------------------------- /sechecker/modules/find_net_domains.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the network domain utility module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. 
Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * @author David Windsor dwindsor@tresys.com 9 | * 10 | * Copyright (C) 2005-2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef FIND_NET_DOMAINS 28 | #define FIND_NET_DOMAINS 29 | 30 | #ifdef __cplusplus 31 | extern "C" 32 | { 33 | #endif 34 | 35 | #include "sechecker.h" 36 | #include 37 | #include 38 | 39 | /* The find_net_domains_data structure is used to hold the check specific 40 | * private data of a module. 
*/ 41 | typedef struct find_net_domains_data 42 | { 43 | apol_vector_t *net_objs; 44 | } find_net_domains_data_t; 45 | 46 | find_net_domains_data_t *find_net_domains_data_new(void); 47 | void find_net_domains_data_free(void *data); 48 | 49 | int find_net_domains_register(sechk_lib_t * lib); 50 | int find_net_domains_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 51 | int find_net_domains_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 52 | int find_net_domains_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 53 | int find_net_domains_get_list(sechk_module_t * mod, apol_policy_t * policy, void *arg); 54 | 55 | #ifdef __cplusplus 56 | } 57 | #endif 58 | 59 | #endif 60 | -------------------------------------------------------------------------------- /sechecker/modules/find_netif_types.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the netif types utility module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * @author David Windsor dwindsor@tresys.com 9 | * 10 | * Copyright (C) 2005-2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 
21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef FIND_NETIF_TYPES_H 28 | #define FIND_NETIF_TYPES_H 29 | 30 | #ifdef __cplusplus 31 | extern "C" 32 | { 33 | #endif 34 | 35 | #include "sechecker.h" 36 | #include 37 | #include 38 | #include 39 | 40 | /* Module functions: 41 | * Do not change any of these prototypes or you will not be 42 | * able to run the module in the library */ 43 | int find_netif_types_register(sechk_lib_t * lib); 44 | int find_netif_types_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 45 | int find_netif_types_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 46 | int find_netif_types_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 47 | int find_netif_types_get_list(sechk_module_t * mod, apol_policy_t * policy, void *arg); 48 | 49 | #ifdef __cplusplus 50 | } 51 | #endif 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /sechecker/modules/find_node_types.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the node types utility module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * @author David Windsor dwindsor@tresys.com 9 | * 10 | * Copyright (C) 2005-2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 
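16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef FIND_NODE_TYPES_H 28 | #define FIND_NODE_TYPES_H /* must be the same name as the #ifndef above, otherwise the include guard never takes effect */ 29 | 30 | #ifdef __cplusplus 31 | extern "C" 32 | { 33 | #endif 34 | 35 | #include "sechecker.h" 36 | #include 37 | #include 38 | #include 39 | 40 | /* Module functions: 41 | * Do not change any of these prototypes or you will not be 42 | * able to run the module in the library */ 43 | int find_node_types_register(sechk_lib_t * lib); 44 | int find_node_types_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 45 | int find_node_types_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 46 | int find_node_types_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 47 | int find_node_types_get_list(sechk_module_t * mod, apol_policy_t * policy, void *arg); 48 | 49 | #ifdef __cplusplus 50 | } 51 | #endif 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /sechecker/modules/find_port_types.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the port types utility module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. 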
Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * @author David Windsor dwindsor@tresys.com 9 | * 10 | * Copyright (C) 2005-2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef FIND_PORT_TYPES 28 | #define FIND_PORT_TYPES 29 | 30 | #ifdef __cplusplus 31 | extern "C" 32 | { 33 | #endif 34 | 35 | #include "sechecker.h" 36 | #include 37 | #include 38 | #include 39 | 40 | int find_port_types_register(sechk_lib_t * lib); 41 | int find_port_types_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 42 | int find_port_types_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 43 | int find_port_types_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 44 | int find_port_types_get_list(sechk_module_t * mod, apol_policy_t * policy, void *arg); 45 | 46 | #ifdef __cplusplus 47 | } 48 | #endif 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /sechecker/modules/imp_range_trans.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the impossible range_transition module. 4 | * 5 | * @author Jeremy A. 
Mowery jmowery@tresys.com 6 | * @author Jason Tang jtang@tresys.com 7 | * @author: David Windsor dwindsor@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef IMP_RANGE_TRANS 27 | #define IMP_RANGE_TRANS 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | 43 | int imp_range_trans_register(sechk_lib_t * lib); 44 | int imp_range_trans_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 45 | int imp_range_trans_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 46 | int imp_range_trans_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 47 | 48 | #ifdef __cplusplus 49 | } 50 | #endif 51 | 52 | #endif /* IMP_RANGE_TRANS */ 53 | -------------------------------------------------------------------------------- /sechecker/modules/inc_dom_trans.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the incomplete domain transition module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. 
Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef INC_DOM_TRANS 27 | #define INC_DOM_TRANS 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | /* Single-bit flags for the incomplete domain transition check. Going by the names only, HAS_EP = entrypoint, HAS_TRANS = transition, HAS_EXEC = execute and HAS_TT = type_transition rule -- TODO confirm against the module source. SECHK_INC_DOM_TRANS_COMPLETE is the OR of HAS_EP, HAS_TRANS and HAS_EXEC (0x07); HAS_TT is not part of it, so a value with only those three bits set already compares equal to COMPLETE. */ 41 | #define SECHK_INC_DOM_TRANS_HAS_TT 0x08 42 | #define SECHK_INC_DOM_TRANS_HAS_EXEC 0x04 43 | #define SECHK_INC_DOM_TRANS_HAS_TRANS 0x02 44 | #define SECHK_INC_DOM_TRANS_HAS_EP 0x01 45 | #define SECHK_INC_DOM_TRANS_COMPLETE (SECHK_INC_DOM_TRANS_HAS_EP|SECHK_INC_DOM_TRANS_HAS_TRANS|SECHK_INC_DOM_TRANS_HAS_EXEC) 46 | 47 | int inc_dom_trans_register(sechk_lib_t * lib); 48 | int inc_dom_trans_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 49 | int inc_dom_trans_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 50 | int inc_dom_trans_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 51 | 52 | #ifdef __cplusplus 53 | } 54 | #endif 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /sechecker/modules/inc_mount.h: 
-------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the incomplete mount permissions module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef INC_MOUNT 27 | #define INC_MOUNT 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | #include 37 | 38 | #define SECHK_MOUNT_ONLY_MOUNT 0x01 39 | #define SECHK_MOUNT_ONLY_MOUNTON 0x02 40 | 41 | /* Module functions: 42 | * NOTE: while using a modular format SEChecker is built 43 | * statically; this means that all modules and their functions 44 | * are in the same namespace. 
*/ 45 | int inc_mount_register(sechk_lib_t * lib); 46 | int inc_mount_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 47 | int inc_mount_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 48 | int inc_mount_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /sechecker/modules/inc_net_access.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the incomplete network access module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * @author David Windsor dwindsor@tresys.com 9 | * 10 | * Copyright (C) 2005-2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 
21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef INC_NET_ACCESS_H 28 | #define INC_NET_ACCESS_H 29 | 30 | #ifdef __cplusplus 31 | extern "C" 32 | { 33 | #endif 34 | 35 | #include "sechecker.h" 36 | #include 37 | #include 38 | 39 | /* Module functions: 40 | * Do not change any of these prototypes or you will not be 41 | * able to run the module in the library */ 42 | int inc_net_access_register(sechk_lib_t * lib); 43 | int inc_net_access_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 44 | int inc_net_access_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 45 | int inc_net_access_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 46 | 47 | #ifdef __cplusplus 48 | } 49 | #endif 50 | 51 | #endif 52 | -------------------------------------------------------------------------------- /sechecker/modules/roles_wo_allow.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the roles without allow rules module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef ROLES_WO_ALLOW 27 | #define ROLES_WO_ALLOW 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | #include 37 | #include 38 | 39 | int roles_wo_allow_register(sechk_lib_t * lib); 40 | int roles_wo_allow_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 41 | int roles_wo_allow_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 42 | int roles_wo_allow_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 43 | int roles_wo_allow_get_list(sechk_module_t * mod, apol_policy_t * policy, void *arg); 44 | 45 | #ifdef __cplusplus 46 | } 47 | #endif 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /sechecker/modules/roles_wo_types.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the roles without types module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef ROLES_WO_TYPES 27 | #define ROLES_WO_TYPES 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | #include 37 | 38 | int roles_wo_types_register(sechk_lib_t * lib); 39 | int roles_wo_types_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 40 | int roles_wo_types_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 41 | int roles_wo_types_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 42 | 43 | #ifdef __cplusplus 44 | } 45 | #endif 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /sechecker/modules/roles_wo_users.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the roles without users module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef ROLES_WO_USERS 27 | #define ROLES_WO_USERS 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | #include 37 | #include 38 | 39 | /* Module functions: 40 | * NOTE: while using a modular format SEChecker is built 41 | * statically; this means that all modules and their functions 42 | * are in the same namespace. */ 43 | int roles_wo_users_register(sechk_lib_t * lib); 44 | int roles_wo_users_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 45 | int roles_wo_users_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 46 | int roles_wo_users_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 47 | int roles_wo_users_get_list(sechk_module_t * mod, apol_policy_t * policy, void *arg); 48 | 49 | #ifdef __cplusplus 50 | } 51 | #endif 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /sechecker/modules/spurious_audit.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the spurious audit rule module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * @author Ryan Jordan rjordan@tresys.com 9 | * 10 | * Copyright (C) 2005-2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 
16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef SPURIOUS_AUDIT 28 | #define SPURIOUS_AUDIT 29 | 30 | #ifdef __cplusplus 31 | extern "C" 32 | { 33 | #endif 34 | 35 | #include "sechecker.h" 36 | #include 37 | 38 | #define SECHK_SPUR_AU_AA_MISS 0x01 39 | #define SECHK_SPUR_AU_AA_PART 0x02 40 | #define SECHK_SPUR_AU_DA_FULL 0x04 41 | #define SECHK_SPUR_AU_DA_PART 0x08 42 | 43 | /* Module functions: */ 44 | int spurious_audit_register(sechk_lib_t * lib); 45 | int spurious_audit_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 46 | int spurious_audit_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 47 | int spurious_audit_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 48 | 49 | #ifdef __cplusplus 50 | } 51 | #endif 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /sechecker/modules/template/template.howto: -------------------------------------------------------------------------------- 1 | Instructions for using the template to add new modules 2 | ======================================================== 3 | 1. copy the xx.c and xx.h files to the modules directory 4 | 2. rename the files and replace the text xx with the 5 | module name in both files 6 | 3. add the register function for your module xx_register 7 | to the register_list.h and register_list.c entries 8 | 4. add options and any requirements or dependencies to 9 | the description in the register function 10 | 5. 
fill out TODO sections of the template with logic for 11 | your module 12 | 6. recompile 13 | 14 | -------------------------------------------------------------------------------- /sechecker/modules/types_wo_allow.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the types without allow rules module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef TYPES_WO_ALLOW 27 | #define TYPES_WO_ALLOW 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | #include 37 | #include 38 | 39 | int types_wo_allow_register(sechk_lib_t * lib); 40 | int types_wo_allow_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 41 | int types_wo_allow_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 42 | int types_wo_allow_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 43 | int types_wo_allow_get_list(sechk_module_t * mod, apol_policy_t * policy, void *arg); 44 | 45 | #ifdef __cplusplus 46 | } 47 | #endif 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /sechecker/modules/users_wo_roles.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Defines the interface for the users without roles module. 4 | * 5 | * @author Kevin Carr kcarr@tresys.com 6 | * @author Jeremy A. Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2005-2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 
20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef USERS_WO_ROLES 27 | #define USERS_WO_ROLES 28 | 29 | #ifdef __cplusplus 30 | extern "C" 31 | { 32 | #endif 33 | 34 | #include "sechecker.h" 35 | #include 36 | #include 37 | 38 | int users_wo_roles_register(sechk_lib_t * lib); 39 | int users_wo_roles_init(sechk_module_t * mod, apol_policy_t * policy, void *arg); 40 | int users_wo_roles_run(sechk_module_t * mod, apol_policy_t * policy, void *arg); 41 | int users_wo_roles_print(sechk_module_t * mod, apol_policy_t * policy, void *arg); 42 | 43 | #ifdef __cplusplus 44 | } 45 | #endif 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /sechecker/profiles/all-checks-no-mls.sechecker: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 8 | 9 | 10 | 11 | 12 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | -------------------------------------------------------------------------------- /sechecker/profiles/analysis-checks.sechecker: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 8 | 9 | 10 | 11 | 12 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 
| 79 | -------------------------------------------------------------------------------- /sechecker/profiles/devel-checks.sechecker: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 8 | 9 | 10 | 11 | 12 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | -------------------------------------------------------------------------------- /sechecker/profiles/sechecker.dtd: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /sechecker/sechk_parse.h: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 2005-2007 Tresys Technology, LLC 2 | * This program is free software; you can redistribute it and/or modify 3 | * it under the terms of the GNU General Public License as published by 4 | * the Free Software Foundation; either version 2 of the License, or 5 | * (at your option) any later version. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 
11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 15 | */ 16 | 17 | /* 18 | * Author: jmowery@tresys.com 19 | * 20 | */ 21 | 22 | #ifndef SECHK_PARSE_H 23 | #define SECHK_PARSE_H 24 | 25 | #ifdef __cplusplus 26 | extern "C" 27 | { 28 | #endif 29 | 30 | #include "sechecker.h" 31 | 32 | #include 33 | #include 34 | /* XML profile parsing. sechk_lib_parse_profile(path, lib) expands to sechk_lib_parse_xml_file(path, lib); sechk_lib_process_xml_node() takes a libxml2 xmlTextReaderPtr. NOTE(review): the reader options are not visible in this header and a sechecker.dtd ships with the profiles, so confirm in the implementation that a profile taken from an untrusted location cannot pull in external entities or a network DTD (e.g. XML_PARSE_NONET set, XML_PARSE_NOENT not set) -- TODO confirm. Return-value conventions are not stated here either. */ 35 | #define sechk_lib_parse_profile(path, lib) sechk_lib_parse_xml_file(path, lib) 36 | 37 | int sechk_lib_parse_xml_file(const char *filename, sechk_lib_t * lib); 38 | int sechk_lib_process_xml_node(xmlTextReaderPtr reader, sechk_lib_t * lib); 39 | 40 | #ifdef __cplusplus 41 | } 42 | #endif 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /secmds/Makefile.am: -------------------------------------------------------------------------------- 1 | # various setools command line tools 2 | 3 | bin_PROGRAMS = seinfo sesearch findcon replcon indexcon 4 | 5 | # These are for indexcon so that it is usable on machines without setools 6 | STATICLIBS = ../libsefs/src/libsefs.a ../libapol/src/libapol.a ../libqpol/src/libqpol.a -lsqlite3 7 | 8 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 9 | @QPOL_CFLAGS@ @APOL_CFLAGS@ 10 | AM_CXXFLAGS = @DEBUGCXXFLAGS@ @WARNCXXFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 11 | @QPOL_CFLAGS@ @APOL_CFLAGS@ @SEFS_CFLAGS@ 12 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ 13 | 14 | LDADD = @SELINUX_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ 15 | DEPENDENCIES = $(top_builddir)/libapol/src/libapol.so $(top_builddir)/libqpol/src/libqpol.so 16 | 17 | seinfo_SOURCES = seinfo.c 18 | 19 | sesearch_SOURCES = sesearch.c 20 | 21 | indexcon_SOURCES = indexcon.cc 22 | indexcon_LDADD = @SELINUX_LIB_FLAG@ $(STATICLIBS) 23 | indexcon_DEPENDENCIES = $(DEPENDENCIES) 
$(top_builddir)/libsefs/src/libsefs.so 24 | 25 | findcon_SOURCES = findcon.cc 26 | findcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD) 27 | findcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so 28 | 29 | replcon_SOURCES = replcon.cc 30 | replcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD) 31 | replcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so 32 | 33 | $(top_builddir)/libapol/src/libapol.so: 34 | $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@) 35 | 36 | $(top_builddir)/libqpol/src/libqpol.so: 37 | $(MAKE) -C $(top_builddir)/libqpol/src $(notdir $@) 38 | 39 | $(top_builddir)/libsefs/src/libsefs.so: 40 | $(MAKE) -C $(top_builddir)/libsefs/src $(notdir $@) 41 | -------------------------------------------------------------------------------- /sediff/Makefile.am: -------------------------------------------------------------------------------- 1 | setoolsdir = @setoolsdir@ 2 | 3 | dist_setools_DATA = sediff_help.txt sediffx.glade \ 4 | sediffx.png sediffx-small.png 5 | 6 | if BUILD_GUI 7 | MAYBE_SEDIFFX = sediffx 8 | endif 9 | 10 | bin_PROGRAMS = sediff $(MAYBE_SEDIFFX) 11 | 12 | AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ 13 | @QPOL_CFLAGS@ @APOL_CFLAGS@ @POLDIFF_CFLAGS@ 14 | AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ 15 | 16 | LDADD = @SELINUX_LIB_FLAG@ @POLDIFF_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ 17 | 18 | sediff_CFLAGS = $(AM_CFLAGS) 19 | sediffx_CFLAGS = $(AM_CFLAGS) \ 20 | @GTK_CFLAGS@ @PIXBUF_CFLAGS@ @GLADE_CFLAGS@ @GTHREAD_CFLAGS@ 21 | 22 | # need the -rdynamic flag below - glade uses dlopen() upon sediffx callbacks 23 | sediffx_LDFLAGS = $(AM_LDFLAGS) \ 24 | @GTK_LIBS@ @PIXBUF_LIBS@ @GLADE_LIBS@ @GTHREAD_LIBS@ @XML_LIBS@ \ 25 | -rdynamic 26 | 27 | DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \ 28 | $(top_builddir)/libapol/src/libapol.so \ 29 | $(top_builddir)/libqpol/src/libqpol.so 30 | 31 | sediff_SOURCES = sediff.c 32 | 33 | sediffx_SOURCES = \ 34 | 
find_dialog.c find_dialog.h \ 35 | open_policies_dialog.c open_policies_dialog.h \ 36 | policy_view.c policy_view.h \ 37 | progress.c progress.h \ 38 | remap_types_dialog.c remap_types_dialog.h \ 39 | result_item.c result_item.h \ 40 | result_item_render.c result_item_render.h \ 41 | results.c results.h \ 42 | select_diff_dialog.c select_diff_dialog.h \ 43 | toplevel.c toplevel.h \ 44 | utilgui.c utilgui.h \ 45 | sediffx.c sediffx.h 46 | 47 | $(top_builddir)/libpoldiff/src/libpoldiff.so: 48 | $(MAKE) -C $(top_builddir)/libpoldiff/src $(notdir $@) 49 | 50 | $(top_builddir)/libapol/src/libapol.so: 51 | $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@) 52 | 53 | $(top_builddir)/libqpol/src/libqpol.so: 54 | $(MAKE) -C $(top_builddir)/libqpol/src $(notdir $@) 55 | -------------------------------------------------------------------------------- /sediff/find_dialog.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Headers for displaying a find dialog. 4 | * 5 | * @author Jeremy A. Mowery jmowery@tresys.com 6 | * @author Jason Tang jtang@tresys.com 7 | * @author Brandon Whalen bwhalen@tresys.com 8 | * @author Randy Wicks rwicks@tresys.com 9 | * 10 | * Copyright (C) 2005-2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 
21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef FIND_DIALOG_H 28 | #define FIND_DIALOG_H 29 | 30 | typedef struct find_dialog find_dialog_t; 31 | 32 | #include "toplevel.h" 33 | 34 | /** 35 | * Create a find dialog object. The dialog will float above the rest 36 | * of sediffx; it allows the user to search for text either forwards 37 | * or backwards in the currently visible text buffer. 38 | * 39 | * @param top Toplevel object that will control the newly opened find 40 | * dialog. 41 | * 42 | * @return An initialized find dialog object, or NULL upon error. The 43 | * caller must call find_dialog_destroy() upon the returned value. 44 | */ 45 | find_dialog_t *find_dialog_create(toplevel_t * top); 46 | 47 | /** 48 | * Destroy the find_dialog object. This does nothing if the pointer 49 | * is set to NULL. 50 | * 51 | * @param f Reference to a find dialog object. Afterwards the 52 | * pointer will be set to NULL. 53 | */ 54 | void find_dialog_destroy(find_dialog_t ** f); 55 | 56 | /** 57 | * (Re)show the find dialog. 58 | * 59 | * @param f Find dialog to show. 60 | */ 61 | void find_dialog_show(find_dialog_t * f); 62 | 63 | #endif 64 | -------------------------------------------------------------------------------- /sediff/open_policies_dialog.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Dialog that allows the user to select two policies, each either a 4 | * monolithic policy or a base policy + list of modules. The dialog 5 | * then attempts to open those policies. 6 | * 7 | * @author Jeremy A. 
Mowery jmowery@tresys.com 8 | * @author Jason Tang jtang@tresys.com 9 | * 10 | * Copyright (C) 2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef OPEN_POLICIES_DIALOG_H 28 | #define OPEN_POLICIES_DIALOG_H 29 | 30 | #include "toplevel.h" 31 | #include 32 | 33 | /** 34 | * Display and run a dialog that allows the user to open two policies, 35 | * each either a monolithic or a modular policy. 36 | * 37 | * @param top Toplevel for the application. 38 | * @param orig_path If not NULL, the default path for the original 39 | * policy. 40 | * @param mod_path If not NULL, the default path for the modified 41 | * policy. 42 | */ 43 | void open_policies_dialog_run(toplevel_t * top, const apol_policy_path_t * orig_path, const apol_policy_path_t * mod_path); 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /sediff/remap_types_dialog.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Headers for a dialog that allows users to explicitly remap 4 | * types. 5 | * 6 | * @author Jeremy A.
Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * @author Randy Wicks rwicks@tresys.com 9 | * 10 | * Copyright (C) 2005-2007 Tresys Technology, LLC 11 | * 12 | * This program is free software; you can redistribute it and/or modify 13 | * it under the terms of the GNU General Public License as published by 14 | * the Free Software Foundation; either version 2 of the License, or 15 | * (at your option) any later version. 16 | * 17 | * This program is distributed in the hope that it will be useful, 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 | * GNU General Public License for more details. 21 | * 22 | * You should have received a copy of the GNU General Public License 23 | * along with this program; if not, write to the Free Software 24 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 25 | */ 26 | 27 | #ifndef REMAP_TYPES_DIALOG_H 28 | #define REMAP_TYPES_DIALOG_H 29 | 30 | #include "toplevel.h" 31 | 32 | /** 33 | * Display and run a dialog that allows the user to add and remove 34 | * type remappings. 35 | * 36 | * @param top Toplevel containing poldiff structure. 37 | * 38 | * @return Non-zero if any mapping was added or removed, zero if there 39 | * were no changes. 40 | */ 41 | int remap_types_run(toplevel_t * top); 42 | 43 | /** 44 | * Notify the remap types dialog that the currently loaded policies 45 | * have changed. This function updates its lists of types from the 46 | * policies. This function must be called at least once prior to 47 | * remap_types_run(). 48 | * 49 | * @param orig_policy Newly loaded original policy. 50 | * @param mod_policy Newly loaded modified policy. 51 | * 52 | * @return 0 on success, < 0 on error. 
53 | */ 54 | int remap_types_update(apol_policy_t * orig_policy, apol_policy_t * mod_policy); 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /sediff/sediffx-small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OwlCyberDefense/setools3/f1e5b208d507171968ca4d2eeefd7980f1004a3c/sediff/sediffx-small.png -------------------------------------------------------------------------------- /sediff/sediffx-small.xcf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OwlCyberDefense/setools3/f1e5b208d507171968ca4d2eeefd7980f1004a3c/sediff/sediffx-small.xcf -------------------------------------------------------------------------------- /sediff/sediffx.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OwlCyberDefense/setools3/f1e5b208d507171968ca4d2eeefd7980f1004a3c/sediff/sediffx.png -------------------------------------------------------------------------------- /sediff/sediffx.xcf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OwlCyberDefense/setools3/f1e5b208d507171968ca4d2eeefd7980f1004a3c/sediff/sediffx.xcf -------------------------------------------------------------------------------- /sediff/select_diff_dialog.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file 3 | * Dialog that allows the user to select which policy components to 4 | * diff. 5 | * 6 | * @author Jeremy A. 
Mowery jmowery@tresys.com 7 | * @author Jason Tang jtang@tresys.com 8 | * 9 | * Copyright (C) 2007 Tresys Technology, LLC 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 24 | */ 25 | 26 | #ifndef SELECT_DIFF_DIALOG_H 27 | #define SELECT_DIFF_DIALOG_H 28 | 29 | #include "toplevel.h" 30 | 31 | /** 32 | * Display and run a dialog that allows the user to select which 33 | * policy components to diff. 34 | * 35 | * @param top Toplevel for the application. 36 | * 37 | * @return Bitmap of which components to diff; the bits correspond to 38 | * those defined in poldiff/poldiff.h 39 | */ 40 | int select_diff_dialog_run(toplevel_t * top); 41 | 42 | #endif 43 | --------------------------------------------------------------------------------